According to the survey, API usage is on the rise. Ninety-two percent (92%) of the organizations surveyed have significantly or somewhat increased their API usage, with 59% already running most of their applications in the cloud. Additionally, almost 97% of organizations use APIs for communications between workloads and systems, highlighting the growing reliance on APIs in day-to-day business operations.
The real and underestimated threat of undocumented APIs
While 92% of those surveyed believe they have adequate protection for their APIs and 70% believe they have visibility into applications that are processing sensitive data, 62% admit a third or more of APIs are undocumented. Undocumented APIs leave organizations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks.
“For many companies, there is unequivocally a false sense of security that they are adequately protected from cyberattacks. In reality, they have significant gaps in the protection around unknown and undocumented APIs,” said
Bot attacks remain a threat along with misperceptions about API protection
Nearly one third of companies (32%) surveyed stated automated bot attacks are one of the most common threats to APIs. In terms of detecting an API attack, 29% say they rely on alerts from an API gateway and 21% rely on web application firewalls (WAF).
Malka continued, “The survey data indicates that API protection is not keeping up with API usage. Many organizations are basing their API security strategies on false assumptions — for example that API gateways and traditional WAFs offer sufficient protection. This leaves APIs vulnerable and exposed to common threats, like bot attacks. A comprehensive API protection solution, that includes bot protection, will address these threats. But very few respondents indicated that they had solutions that actually did or even had the capability to provide effective security. Enterprise protection is only as strong as its weakest link.”
API attacks are flying under the radar
Half of companies surveyed viewed their existing tools as only somewhat or minimally effective at protecting their APIs, with 7% reporting that the solutions they have in place did not identify any attacks at all. The inability of the existing tools to adequately protect APIs from common threats further adds to the false security narrative.
Open source contributes to the security myth
Sixty-five percent (65%) of respondents believe that open-source code is more secure than proprietary code and nearly 74% believe that container-based deployments and microservice architectures are more secure than monolithic architectures and deployments by default.
According to Malka, “The belief that open source is more secure by design could explain why some organizations are lax when it comes to patch management. Yet, as we have seen with Log4j and Heartbleed, open source can have the same security flaws as proprietary code. Believing that open source is inherently more secure by default only further contributes to the false narrative that leaves organizations vulnerable to cyber-attacks.”
The full report can be found on Radware’s website.
Notes to editors:
METHODOLOGY
In this exclusive research study conducted for
THIS PRESS RELEASE AND THE 2022 STATE OF API SECURITY REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say that API security is not a ‘trend’ that is going away, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting
Media Contacts:
Gerri.Dyrek@radware.com