New Cloudflare Report: Organizations Struggle to Identify and Manage Cybersecurity Risks of APIs - Express Computer

Cloudflare's API Security and Management Report reveals the increasing use of APIs, leading to more online threats and security gaps.

Cloudflare has recently released its first-ever API Security and Management Report, and the findings are eye-opening. The report reveals that APIs, which are the backbone of many of today's most popular websites and apps, are being utilized by businesses at an unprecedented rate. However, this increased usage also means that APIs are now more vulnerable to online threats than ever before. The report highlights the significant gap between organizations' reliance on APIs and their ability to adequately protect the data that these APIs handle.

APIs play a crucial role in the digital world, powering everything from our smartphones and smartwatches to banking systems and online shopping platforms. They enable ecommerce sites to process payments, allow healthcare systems to securely share patient data, and provide real-time traffic information to taxis and public transportation services. Nearly every business today relies on APIs to improve their websites, apps, and services. However, if these APIs are not properly managed and secured, they can become a prime target for cybercriminals looking to steal sensitive information.

According to Matthew Prince, CEO and co-founder of Cloudflare, "APIs are central to how applications and websites work, which makes them a rich, and relatively new, target for hackers. It's vital that companies identify and protect all their APIs to prevent data breaches and secure their businesses."

The key findings from Cloudflare's 2024 API Security and Management Report are both alarming and informative. The report reveals that even industries that are not typically associated with high levels of online traffic, such as IoT, rail, bus and taxi services, legal services, multimedia and gaming, and logistics and supply chain, saw a significant increase in API usage in 2023.

Furthermore, APIs account for the majority of Internet traffic globally, with every region protected by Cloudflare experiencing a surge in API usage over the past year. Africa and Asia, in particular, saw explosive growth in API adoption and witnessed the highest share of API traffic in 2023.

As the popularity of APIs continues to rise, so does the frequency and sophistication of threats targeting them. Cloudflare's report highlights a significant increase in attacks on APIs, with HTTP Anomaly, Injection attacks, and file inclusion being the top three most commonly used attack types mitigated by Cloudflare.

One of the most concerning findings is the prevalence of "shadow APIs," which are endpoints that organizations are unaware of. Nearly 31% more API REST endpoints were discovered through machine learning than through customer-provided identifiers, indicating that many organizations lack a comprehensive inventory of their APIs.

Despite these challenges, the report also offers a glimmer of hope by highlighting the effectiveness of DDoS mitigation solutions in protecting APIs. In fact, one-third of all mitigations applied to API threats were successfully blocked by existing DDoS protections.

Melinda Marks, Practice Director, Cybersecurity, for Enterprise Strategy Group, emphasizes the need for more effective ways to address API security. She notes that organizations require better visibility of their APIs, secure authentication and authorization methods, and improved protection against attacks.

In conclusion, Cloudflare's API Security and Management Report serves as a wake-up call for businesses and organizations to prioritize the security of their APIs. As the digital landscape continues to evolve, it is essential for companies to invest in robust API security measures to safeguard their data and protect their customers, partners, and employees.

Share With Others