Cloudflare’s latest report highlights the escalating cybersecurity challenges organizations face in managing and identifying risks associated with Application Programming Interfaces (APIs).
APIs, the backbone of websites and applications, are increasingly exploited by businesses, creating a vulnerability to online threats. The report emphasizes the significant gap between API usage by organizations and their ability to secure the associated data.
APIs play a crucial role in the digital landscape, facilitating communication in devices and systems, from smartphones and smartwatches to banking and healthcare platforms. While APIs enhance the functionality of various services, their unmanaged or insecure implementation poses a substantial risk of data breaches, according to Cloudfare, a connectivity cloud company.
Read:
Prioritizing software compliance for cybersecurity in infrastructure projects
Trend Micro: AI-driven attacks to persist in 2024
“APIs are central to how applications and websites work, which makes them a rich, and relatively new, target for hackers, ” said Matthew Prince, CEO and co-founder at Cloudflare. “It’s vital that companies identify and protect all their APIs to prevent data breaches and secure their businesses.”
Widespread integration of API
The report reveals that industries such as the Internet of Things (IoT), transportation, legal services, multimedia, games, logistics, and supply chain exhibit substantial API traffic growth, showcasing the widespread integration of APIs.
APIs account for the majority of global internet traffic (57%), with Africa and Asia witnessing the highest adoption rates in 2023. The surge in API popularity has attracted a corresponding increase in cyber threats, with HTTP Anomaly, Injection attacks, and file inclusion being the most prevalent attack types mitigated by Cloudflare.
One notable challenge identified is the prevalence of shadow APIs, which often remain unprotected due to a lack of visibility. Approximately 31% more API REST endpoints were discovered through machine learning compared to customer-provided identifiers, highlighting the incomplete inventory of APIs within organizations.
The report underscores the effectiveness of Distributed Denial of Service (DDoS) mitigation solutions in protecting APIs, blocking one-third (33%) of all applied mitigations against API threats.
Cloudflare emphasizes the need for organizations to enhance API security through improved visibility, secure authentication, authorization practices, and robust protection against attacks.