According to this year's survey, APIs, the technology behind today's most popular sites and apps, are being used by businesses more than ever before, which in turn exposes those businesses to more online risk. The analysis highlights the disconnect between organizations' use of APIs and their capacity to protect the data those APIs touch.
APIs power the digital world—they allow our phones, wearables, financial systems, and ecommerce sites to communicate with one another. They can assist ecommerce sites in accepting payments, allow healthcare systems to securely transmit patient data, and even provide taxis and public transportation with real-time traffic data. Today, nearly every organization uses them to create and provide better websites, apps, and services to customers. APIs, on the other hand, present a goldmine for threat actors to exfiltrate potentially sensitive information if left unmanaged or insecure.
“APIs are central to how applications and websites work, which makes them a rich, and relatively new, target for hackers,” said Matthew Prince, CEO and co-founder at Cloudflare. “It’s vital that companies identify and protect all their APIs to prevent data breaches and secure their businesses.”
Key findings from Cloudflare’s 2024 API Security and Management Report include:
- Even unlikely industries see high spikes of API traffic: The seamless integrations that APIs allow for have driven organizations across industries to increasingly leverage them – some more quickly than others. The IoT, rail, bus and taxi, legal services, multimedia and games, and logistics and supply chain industries saw the highest share of API traffic in 2023.
- API traffic accounts for the majority of Internet traffic: APIs account for 57% of dynamic Internet traffic worldwide, with usage increasing over the last year in every location that Cloudflare defends. Africa and Asia were the top regions that rapidly adopted APIs and saw the biggest traffic share in 2023.
- APIs face an array of frequent and increasing threats: Threat actors will try whatever methods it takes to gain access to any popular, business-critical function that holds sensitive data. The popularity of APIs has driven an increase in attack volume, with HTTP Anomaly, Injection attacks, and File Inclusion being the top three most frequently used attack types mitigated by Cloudflare.
- Shadow APIs provide a defenseless path for threat actors: Organizations struggle to protect what they cannot see. Machine learning detected over 31% more API REST endpoints (when an API connects with a software application) than customer-provided identifiers did; in other words, enterprises do not have a complete inventory of their APIs.
- DDoS mitigation solutions are one of the most effective tools to protect APIs: Regardless of whether a business has complete visibility of all of its APIs, DDoS mitigation technologies can help block possible threats. DDoS protections already in place accounted for one-third (33%) of all mitigations applied to API threats.
“APIs are powerful tools for developers to create full-featured, complex applications to serve their customers, partners, and employees, but each API is a potential attack surface that needs to be secured,” said Melinda Marks, Practice Director, Cybersecurity, for Enterprise Strategy Group. “As this new report shows, organizations need more effective ways to address API security, including better visibility of APIs, ways to ensure secure authentication and authorization between connections, and better ways to protect their applications from attacks.”