Two in Three CIOs Admit Lacking in API Security Measures
Some 70% of IT professionals have no processes in place to ensure data accessed by applications consuming their APIs is managed securely, according to the Global State of API Security Survey 2015.
An API, or application program interface, is a set of routines, protocols and tools for building software applications that specifies how software components should interact. The survey reveals that API security is an identified risk for many IT departments and business managers.
Almost two-thirds of API owners do not consider the security of their data an issue once it leaves their domain via the API, the report authors say. When filtering for organizations with more than 50 APIs in production, the percentage who have no processes for checking the security of the API consumer falls to 43%. “This drop is possibly reflective of a generally more rigorous security policy in API-intensive organizations. Industry experience underscores the potential business impact of this threat,” researchers say.
Some 60% of respondents were “confident” or “very confident” in the security of APIs, with a fairly high level of confidence that connections will be secure. Yet almost 30% of respondents are unsure about their API security. Only 6% lacked confidence in API security. Although 60% of respondents felt confident in API security, 75% reported that API security was a CIO-level concern, as CIOs are responsible not only for operating and securing a new kind of software, but for complete business execution. API security was also an issue for business managers in 65% of respondents’ organizations.
Nearly 46% of survey respondents did not rate limit access to their APIs, a control that can reduce the risk of hacking. Larger organizations (1,000+) and shops with 50+ APIs were more likely to use rate limiting but, even then, more than 30% responded “Not Applicable.”
“This is alarming because rate limiting is one of the best countermeasures against distributed denial of service (DDoS) attacks on APIs,” the report authors conclude.
In 2013, the lack of rigorous security policy in API-intensive organizations exposed phone numbers and user names of Snapchat users. More than 4.6 million usernames and phone numbers were leaked on New Year’s Eve after anonymous hackers dubbed ‘Snapchat DB’ abused the application’s Find Friends service, according to HOTforSecurity.
The Global State of API Security Survey 2015 surveyed 1,200 CIOs, CSOs and security specialists in May 2015.