
Two in Three CIOs Admit Lacking in API Security Measures

Răzvan MUREȘAN

August 11, 2015


Some 70% of IT professionals have no processes in place to ensure data accessed by applications consuming their APIs is managed securely, according to the Global State of API Security Survey 2015.

An API, or application program interface, is a set of routines, protocols and tools for building software applications; it specifies how software components should interact. The survey reveals that API security is an identified risk for many IT departments and business managers.

Almost two-thirds of API owners do not consider the security of their data an issue once it leaves their domain via the API, the report authors say. When filtering for organizations with more than 50 APIs in production, the percentage who have no processes for checking the security of the API consumer falls to 43%. “This drop is possibly reflective of a generally more rigorous security policy in API-intensive organizations. Industry experience underscores the potential business impact of this threat,” researchers say.

Some 60% of respondents were “confident” or “very confident” in the security of APIs, with a fairly high level of confidence that connections will be secure. Yet almost 30% of respondents are unsure about their API security. Only 6% lacked confidence in API security. Although 60% of respondents felt confident in API security, 75% reported that API security was a CIO-level concern, as CIOs are responsible not only for operating and securing a new kind of software, but for complete business execution. API security was also an issue for business managers in 65% of respondents’ organizations.

Nearly 46% of survey respondents did not rate limit access to their APIs, a control that can reduce the risk of hacking. Larger organizations (1,000+) and shops with 50+ APIs were more likely to use rate limiting but, even then, more than 30% responded “Not Applicable.”

“This is alarming because rate limiting is one of the best countermeasures against distributed denial of service (DDOS) attacks on APIs,” the report authors conclude.

In 2013, the lack of rigorous security policy in API-intensive organizations exposed phone numbers and user names of Snapchat users. More than 4.6 million usernames and phone numbers were leaked on New Year’s Eve after anonymous hackers dubbed ‘Snapchat DB’ abused the application’s Find Friends service, according to HOTforSecurity.

The Global State of API Security Survey 2015 surveyed 1,200 CIOs, CSOs and security specialists in May 2015.
