API attacks on the rise but organizations are not prepared

A new report shows that while 14 percent of organizations experienced an API attack in the last 12 months, only 38 percent say they have an API security solution in place.

The research from Traceable AI, based on a security of cybersecurity delegates at the RSA conference, finds that although 43 percent of organizations say they do not struggle with API sprawl, 33 percent are unsure if they are managing it effectively, and 24 percent acknowledge they are struggling.

Half of organizations say they don't have a dedicated team member or team for API security, up by 10 percent from last year. In addition API security ownership has increasingly become the responsibility of the CISO (44 percent), up by six percent from the previous year. However, 24 percent of respondents do not know who owns API security in their organization, highlighting the need for clearer roles and responsibilities.

"As digital transformation continues to accelerate and APIs become increasingly critical to business operations, organizations must remain vigilant in the face of evolving threats," writes Jessica Marie, security evangelist at Traceable AI, on the company's blog. "The survey highlights the importance of collaboration, visibility, and proactive measures in mitigating API security risks. By fostering a shared sense of responsibility for API security across the organization, investing in the necessary resources and expertise, and staying informed about the latest trends and best practices, businesses can build more resilient API ecosystems."

Among organizations that experienced an API attack, 41 percent say they're unsure if they baseline API behavior to detect anomalies, while another 41 percent confirm they don't.

You can read more on the Traceable AI blog.

Image Credit: Alexandersikov / Dreamstime.com