Findings illustrate that attacks on APIs are more relentless than ever, with bad actors targeting internal and authenticated APIs
PALO ALTO, Calif., March 29, 2023 /PRNewswire/ -- Salt Security, the leading API security company, today released the Salt Labs State of API Security Report, Q1 2023. This fifth edition of the report found that attackers have upped their activity, with Salt customer data showing a 400% increase in unique attackers in the last six months. In addition, about 80% of attacks happened over authenticated APIs. Not surprisingly, nearly half (48%) of respondents now state that API security has become a C-level discussion within their organization. The report also revealed that 94% of survey respondents experienced security problems in production APIs in the past year, with 17% stating their organizations suffered a data breach as a result of security gaps in APIs. The findings from Salt Labs highlight why 2023 has been dubbed the "Year of API Security."
The State of API Security Report pulls from a combination of survey responses and empirical data from Salt customers. This year's report provides the deepest insights yet, including "in the wild" API vulnerability research from Salt Labs that demonstrates how respondents' top concerns in API security manifest in real-world scenarios.
"The rapid increase in attacks in addition to the data provided by our survey respondents reflect a growing understanding in the C-suite about the importance of purpose-built API security to reduce business risk," said Roey Eliyahu, co-founder and CEO, Salt Security. "Powered by APIs, ongoing digital transformation continues to deliver new business opportunities and competitive advantages. However, the cost of API breaches, such as those experienced recently at T-Mobile, Toyota, and Optus, put both new services and brand reputation, in addition to business operations, at risk. With bad actors continuing to find new and unexpected ways to attack APIs, organizations need to get serious about securing these critical assets."
API security has emerged as a significant business issue, not just a security problem.
API security has become a critical business issue for survey respondents' organizations, as indicated by application rollout delays, heightened awareness of API security breaches, and a lack of confidence in existing API security approaches. Specifically:
The top two most valued API security capabilities are to stop attacks and identify PII exposure. The ability to implement shift-left practices rated the lowest.
Survey respondents cited the following as the most "highly important" API security capabilities:
Attackers are more relentless than ever.
Salt customer data shows that API attacks are on the rise and bad actors are targeting internal and authenticated APIs. Data from the Salt cloud shows:
"Zombie" APIs followed by ATO top the list of API worries.
When asked about the most concerning API security risks:
Most API security strategies remain immature.
The survey found that the vast majority of organizations still lack mature API security programs:
Vulnerabilities discovered in the wild represent a critical concern.
Companies large and small have many unknown security gaps. The report notes:
Additional interesting findings from the State of API Security Report include:
Implications for API security
The survey results from the Q1 2023 State of API Security Report are clear. Respondents overwhelmingly stated that reliance on APIs is continuing to grow as APIs become ever more imperative to their organizations' success. At the same time, APIs are getting harder to protect as attacks increase and traditional tools and processes cannot stop them. Organizations must move beyond yesterday's security practices and last-generation tools to a modern security strategy that addresses security at every stage of the API lifecycle and provides a broad range of protections that foster collaboration across teams.
The State of API Security Report, Q1 2023, was compiled by researchers from Salt Labs, the research division of Salt Security, utilizing survey data from nearly 400 respondents across a range of job responsibilities, industries, and company sizes, globally. Nearly half of those surveyed, 48%, hold roles in security, 19% are executive-level security or IT leaders, and another 26% sit within the platform, DevOps, or product teams. Technology and financial services companies – widely viewed as at the forefront of API use – make up 48% of respondents. Companies large and small are evenly represented. The report also draws from anonymized and aggregated empirical data of Salt Security customers running the Salt Security API Protection Platform.
To learn more about Salt Security or to request a demo, please visit https://content.salt.security/demo.html.
About Salt Security
Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices. Deployed quickly and seamlessly integrated within existing systems, the Salt platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives.
Press Contact
Dex Polizzi
Lumina Communications
Salt@luminapr.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/latest-salt-security-state-of-api-security-report-shows-400-increase-in-attackers-finds-api-security-has-become-a-c-level-discussion-301784038.html
SOURCE Salt Security