We increasingly rely on APIs to deliver the smooth sharing of information between applications. But their very functionality and ease of use are also a gift to attackers.
A recent report from Cequence Security shows that 80 percent, or 1.8 billion, of the attacks blocked between June and December 2021 were API-based. At the same time, APIs exposing sensitive data such as payment (PCI) or personally identifiable information (PII) have increased by 87 percent.
There has been a 95 percent increase in the use of APIs to facilitate account logins and registrations. But account takeovers, often the precursor to fraud, data loss or system compromise, also increased 62 percent, and GraphQL usage shot up 133 percent.
In addition, content scraping against APIs, which can lead to the loss of commercially sensitive information, increased 178 percent.
Matt Keil, director of product marketing at Cequence Security, writes on the company’s blog, “Looking at the data from a developer-centric perspective, the analysis shows growth in the use of new tools like GraphQL and the adoption of OpenAPI specifications, both of which can accelerate the delivery of more secure and consistently coded APIs. On the flip side, the analysis showed dramatic increases in APIs that use or can expose too much data, introducing potential security risks.”
You can read more on the Cequence blog and there’s a summary of the findings in the infographic below.