
API remains a grey area

by Mark Rowe

The desire for organisations to be more open has led to a significant rise in API usage. The 2023 Hype Cycle for APIs survey by Gartner highlights the pressing demand for API design and management skills, second only to application security, writes Andy Grolnick, CEO of the Texas-based platform, Graylog.

APIs [short for application programming interface, or the set of defined rules that enable different applications to communicate with each other] remain insufficiently protected because no one owns API security. Security teams cover defence, but developers build the APIs while focusing on speed. Security teams have had to trust developers to fix issues during creation. The acceleration of API adoption has outpaced companies’ capacity to secure these interfaces, rendering APIs prime targets. Their public documentation lowers attack barriers, enabling hackers to readily identify and weaponise vulnerabilities to illicitly access endpoints. Manipulating loosely governed endpoints can give attackers access to data and control over systems.

Consequently, while network attacks will continue to linger, targeted application-level hacks are poised to surge in 2024. A Graylog and Enterprise Strategy Group (ESG) research report from August 2023 shows that more than half of organisations (57pc) have faced multiple API security incidents and 35pc faced at least one incident within the last year. Authentication problems were the most concerning aspect of API security, with 41pc of respondents rating authentication as a significant concern.

Hackers will attempt to penetrate systems by disrupting applications, well aware that most organisations secure their networks but fail to do the same with their APIs, leaving them open and exposed.

Additionally, as hackers get more creative with gaining access, perimeter defences will become inadequate at protecting APIs. Organisations will need to prioritise the internal monitoring of API traffic to catch suspicious user behaviour, as perimeter security alone will fail to keep pace.

With a clear uptrend in application-level threats, these are the API security trends that security professionals should anticipate in 2024.

Governance strategies

As organisations adopt APIs to unlock new services or heighten efficiency, API governance will become integral to API security. Currently, deficient governance processes restrict visibility into digital resources, exacerbating risk. To bolster defence, CISOs must collaborate with development teams to instate API governance frameworks.

Attack identification and incident response require environmental insight and vulnerability awareness from security leaders. Cross-functional coordination, discovery protocols, and policy/standards for API functionality may cultivate visibility.

Overall, robust API governance should transform discovery findings into security KPIs, establishing organisational benchmarks to gauge and refine postures. Monitoring governance metrics will enable businesses to chart progress in securing increasingly critical API landscapes.

Inside-the-perimeter threat defences

The continuous evolution of APIs means that organisations will always have exposed vulnerabilities that require remediation. Consequently, 2024 will initiate a new phase where visibility becomes imperative for API security plans. Preventing intruder access cannot fully safeguard perimeters. However, real-time visibility of the security landscape allows response teams to swiftly neutralise threats before operations or data are impacted.

For instance, conventional perimeter solutions only track requests, not responses. Attackers posing as clients send seemingly legitimate requests, so inspecting requests alone will not expose them. Multifaceted security encompassing both perimeter and internal defences enables visibility. Full-fidelity capture of API traffic is vital to catch novel assaults as hackers conjure creative ways to evade traditional tools.
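To make the request-versus-response point concrete, here is an added example (not from the article or from Graylog) of detection logic that only works when responses are logged. The log field names, the sample records and the 10x size threshold are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample records; field names are assumptions, not a real product schema.
SAMPLE_LOG = """
{"user":"alice","path":"/v1/orders","status":200,"resp_bytes":1800,"resp_owners":["alice"]}
{"user":"bob","path":"/v1/orders","status":200,"resp_bytes":2100,"resp_owners":["bob"]}
{"user":"carol","path":"/v1/orders","status":200,"resp_bytes":1950,"resp_owners":["carol"]}
{"user":"mallory","path":"/v1/orders","status":200,"resp_bytes":2000,"resp_owners":["alice"]}
{"user":"mallory","path":"/v1/orders","status":200,"resp_bytes":96000,"resp_owners":["mallory"]}
{"user":"dave","path":"/v1/orders","status":403,"resp_bytes":120,"resp_owners":[]}
"""

SIZE_FACTOR = 10  # assumed threshold: flag responses 10x the endpoint median


def parse(log_text):
    """Parse one JSON record per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def find_suspicious(records, size_factor=SIZE_FACTOR):
    """Return (index, user, reason) for responses a request-only view would miss."""
    # Baseline: median successful response size per endpoint (robust to outliers).
    sizes = defaultdict(list)
    for r in records:
        if r["status"] == 200:
            sizes[r["path"]].append(r["resp_bytes"])
    baseline = {path: median(v) for path, v in sizes.items()}

    alerts = []
    for i, r in enumerate(records):
        if r["status"] != 200:
            continue  # denied requests returned no data
        # Authenticated caller received objects owned by someone else.
        foreign = sorted(set(r["resp_owners"]) - {r["user"]})
        if foreign:
            alerts.append((i, r["user"], "foreign-data:" + ",".join(foreign)))
        # Response far larger than normal for this endpoint.
        if r["resp_bytes"] > size_factor * baseline[r["path"]]:
            alerts.append((i, r["user"], "oversized-response"))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse(SAMPLE_LOG)):
        print(alert)
```

Every request in the sample is an authenticated GET to the same path with a 200 status, so nothing distinguishes the two flagged records until the response side is inspected.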

SIEM/SOAR integration

Come 2024, we foresee automation assuming higher prominence in API defence systems. Offerings will provide the opportunity to create more bespoke threat diagnostics and warnings, enabling real-time threat investigation and mitigation. Cohesion with SIEM and SOAR platforms is likely to strengthen and empower rapid incident response.

Standards

As APIs grow, regulators require increasing API transparency, leading to privacy rules that will further shape API use in 2024. As a result, companies will need to be concerned about third parties accessing their data for security evaluations.

We expect companies will increasingly demand localised security tools in 2024. On-site or private cloud solutions remove the need to scrub data before storage. This shift gives companies greater control over sensitive data to meet compliance rules.

Security data lakes

API security solutions must be scalable to adapt to the needs of both small and large organisations. In 2024, we expect to see the adoption of proven data lake technology. This technology enables data to be stored in a security-centric schema and accessed through standard SQL queries. Businesses can set data retention policies to balance accessibility with resource utilisation and costs.

API security remains a grey area between app development and security teams and is not yet a top priority for organisations. Unfortunately, it may take a significant attack to encourage widespread adoption of API security, despite growing concerns: while APIs constitute the majority of web traffic, they remain critically vulnerable to attacks.

Shifting to a proactive approach to securing APIs will be crucial to warding off sophisticated hackers and side-stepping potentially devastating attacks. By sharing trends like these, we can all learn from each other and look to refocus our energy on innovation and growth in the knowledge that our organisations are safe from threats. 


© 2024 Professional Security Magazine. All rights reserved.
