API Attacks: From being overlooked to one of the major enterprise cybersecurity threats

API (Application Programming Interface) – from a tool used for the sole purpose of connecting applications, Internet services, IoT, … has now developed into one of the important components to operate. Internet system and is also one of the network security risks that businesses can face.

Akamai Technologies believes that API attacks are often overlooked in terms of magnitude and frequency, but with the development of APIs, they can become one of the biggest threats to businesses. According to the Internet Status Report on API attacks conducted by Akamai Technologies from January 1, 2020 to June 6, 2021, the number of API-related attacks tends to increase gradually, especially when Akamai’s system recorded up to 113.8 million attacks/day. This number is three times higher than the same period in 2020.

According to Gartner’s forecast: “In 2022, attacks on APIs will shift from the occasional vector to the frequent attack vector, leading to data leakage of web applications.”

Security Issues for APIs

API was developed with the main features of integrating and accessing data, in recent years, API has been widely used in digital business and service industries. However, this flexibility becomes an easy place for unexpected problems. And if only using conventional security solutions, it will be nearly impossible for businesses to ensure API security.

API vulnerabilities are similar to common web application vulnerabilities. The reason for this problem is that these applications have been intentionally left with security holes. According to this report, 48% of businesses know but still bring to market applications containing vulnerable code, 54% of these admit that the release of applications containing vulnerable code is due to application of vulnerable code. time force and user needs. Applications with these known vulnerabilities are still available, and will be updated with patches thereafter.

Some other reasons are because enterprises think that these vulnerabilities do not contain too much risk, or were discovered too late and did not have time to fix the errors before being deployed.

And what is the best way for API security?

Akamai Technologies points out 5 points that organizations and businesses need to pay attention to when using APIs. Consists of:

Learn and track APIs in use: Many organizations may have experienced API-related issues that they didn’t even know existed. Therefore, knowing where and how they are used is essential.

Check and understand existing threats with API: Of course, this requires tools and teams to help find vulnerabilities, but if organizations and businesses are not proactive in detecting them, being attacked it will be sooner or later.

Leverage all security tools throughout development, launch, and always ensure that API security reviews are performed regularly.

Don’t use a single setting for each API, prefer a series of settings for reusable APIs.

And finally, API development – at some level – requires the participation of many different departments, such as development teams, security and network operations teams, identity teams, risk management teams. , security architect and legal team.

Application security, whether API or web application development, is a complex issue that requires businesses to strike a balance between features, applications, and business needs. Recognizing risks and promptly deploying security measures is a solution for businesses to ensure information security in cyberspace. As a world leader in website, application and API firewalls, Akamai Technologies solutions ensure the security of information from the outside and from within the enterprise at the same time.

Through the distribution network of Viettel IDC partner, Akamai Technologies’ security solutions have now reached many domestic enterprises. Smart security solutions from network service providers in the US are highly appreciated by customers because of their high compatibility with Vietnam’s technology infrastructure, the system is quickly deployed in a few clicks and updated. automatically new version. In addition, customers’ websites, applications and APIs are still capable of working well even under attack thanks to the powerful Akamai Intelligent Edge Platform system…