Web Application Program Interfaces (APIs) are becoming increasingly popular, causing all sorts of cybersecurity issues in the process.
That's according to a new report from Noname Security, which surveyed 3000 employees at 350 companies about the challenges associated with APIs.
The company found that APIs are extremely popular these days, with the average organization leveraging 15 APIs in total, up 564% year over year.
security incidents
However, many companies face problems. More than two in five (41%) have had an API-related cybersecurity incident in the past twelve months, with nearly two-thirds (63%) related to a data breach or loss.
For example, one of the largest marketing automation platforms and email marketing services, MailChimp, was hacked by attackers who also accessed the (now defunct) API keys of an unknown number of clients.
With the keys, attackers could create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.
Nearly all companies (90%) have API authentication policies in place, but a third (31%) said they weren't exactly sure these policies provided an adequate level of protection.
Additionally, a third (35%) had their projects delayed due to API security issues, and 87% believed that integrating API security testing into developer pipelines could have prevented delays .
About half (51%) fully trust their API inventories, and a quarter (26%) add that their inventory update processes are manual.
“As API usage continues to grow, this extreme level of usage and dependency has allowed many vulnerabilities to emerge, making securing these APIs across industries more critical than ever,” said Daniel Kennedy, Research Analyst main of 451 Research.
"This report should help companies of all sizes in a variety of industries make the informed decisions they need when designing their API security strategy."