An analysis of cybersecurity breaches in 2022 conducted by FireTail, a provider of a platform for securing application programming interfaces (APIs), found only 12 publicly recorded breaches involving APIs, with six more being disclosed thus far in 2023.
However, the mean size of API data breach exposure is over 10 million records per incident. With the total cost of a single breached record being $180, the total cost of API security breaches can easily be as high as $85 billion, the report found.
The top two categories of data breaches involving API security are authorization at 135 million records, or 28% of all records breached, and authentication, at 105 million records, or 22% of all records breached.
FireTail CEO Jeremy Snyder said that with more than 85% of internet traffic moving across APIs, it’s now only a matter of time before the number of API security breaches and the total cost increase. Unfortunately, the level of focus on API security is not commensurate with the potential risk to the business, he added.
In addition, the level of available API security expertise remains limited. For example, one often overlooked consideration in the authentication process is the need to validate authentication credentials repeatedly and to bind credentials to an active session. Long-lived credentials, like static API keys, are subject to secrets sprawl. Some common authentication mechanisms may even introduce vulnerabilities into APIs.
As such, it’s important that APIs are designed to force authentication on a regular basis rather than only checking whether a token conforms to the expected format.
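An added example, not from the FireTail report or the original article, contrasting a format-only token check with per-request validation of signature, expiry, and binding to an active server-side session. The token layout, key, session store, and function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, re

SECRET = b"constructed-demo-key"   # constructed sample key, not a real secret
ACTIVE_SESSIONS = {"sess-1"}       # constructed server-side session store
TOKEN_SHAPE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(session_id: str, ttl: int, now: float, key: bytes = SECRET) -> str:
    """Issue a short-lived token bound to one server-side session."""
    body = _b64(json.dumps({"sid": session_id, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def revoke(session_id: str) -> None:
    """Logout or forced revocation: the session stops being active."""
    ACTIVE_SESSIONS.discard(session_id)

def format_only_check(token: str) -> bool:
    """Weak check: accepts anything that merely looks like a token."""
    return bool(TOKEN_SHAPE.match(token))

def validate(token: str, now: float) -> bool:
    """Per-request check: signature, expiry, and live session binding."""
    if not TOKEN_SHAPE.match(token):
        return False
    body, sig = token.split(".")
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False                       # forged or tampered token
    try:
        claims = json.loads(_unb64(body))
    except ValueError:
        return False                       # body is not valid base64/JSON
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return False                       # expired: client must re-authenticate
    return claims.get("sid") in ACTIVE_SESSIONS  # revoked session is rejected
```

Calling `validate` on every request is what lets a revoked or expired credential stop working, while `format_only_check` keeps accepting it indefinitely.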
It’s not always clear who is responsible for API security. But as cybercriminals appreciate how much d ..