Tuesday, 21 June 2022 09:09

Radware research finds overconfidence in API protection leaves enterprises exposed to cyber attacks

0
Shares
By Radware
Radware chief operations officer and head of research and development Gabi Malka

GUEST RESEARCH: Radware, a leading provider of cyber security and application delivery solutions, today released its 2022 State of API Security report. The survey, which was conducted with Enterprise Management Associates, revealed a false sense of security among organisations when it comes to API protection.

The survey includes responses from chief information officers, chief technology officers, vice presidents of IT, and IT directors from global organisations across North America, EMEA, and APAC.

According to the survey, API usage is on the rise. Ninety-two percent of the organisations surveyed have significantly or somewhat increased their API usage with 59% already running most of their applications in the cloud. Additionally, almost 97% of organisations use APIs for communications between workloads and systems, highlighting the growing reliance on APIs in day-to-day business operations.

The real and underestimated threat of undocumented APIs

While 92% of those surveyed believe they have adequate protection for their APIs and 70% believe they have visibility into applications that are processing sensitive data, 62% admit a third or more of APIs are undocumented. Undocumented APIs leave organisations vulnerable to cyber threats, such as database exposures, data breaches, and scraping attacks.

"For many companies, there is unequivocally a false sense of security that they are adequately protected from cyberattacks. In reality, they have significant gaps in the protection around unknown and undocumented APIs," said Radware chief operations officer and head of research and development Gabi Malka.

"API security is not a 'trend' that is going away. APIs are a fundamental component to most of the current technologies and securing them must be a priority for every organisation."

Bot attacks remain a threat along with misperceptions about API protection

Nearly one third of companies (32%) surveyed stated automated bot attacks are one of the most common threats to APIs. In terms of detecting an API attack, 29% say they rely on alerts from an API gateway and 21% rely on web application firewalls (WAF).

Malka continued, "The survey data indicates that API protection is not keeping up with API usage. Many organisations are basing their API security strategies on false assumptions — for example that API gateways and traditional WAFs offer sufficient protection. This leaves APIs vulnerable and exposed to common threats, like bot attacks.

"A comprehensive API protection solution, that includes bot protection, will address these threats. But very few respondents indicated that they had solutions that actually did or even had the capability to provide effective security. Enterprise protection is only as strong as its weakest link."

API attacks are flying under the radar

Half of companies surveyed viewed their existing tools as only somewhat or minimally effective at protecting their APIs, with 7% reporting that the solutions they have in place did not identify any attacks at all. The inability of the existing tools to adequately protect APIs from common threats further adds to the false security narrative.

Open source contributes to the security myth

Sixty-five percent of respondents believe that open-source code is more secure than proprietary code and nearly 74% believe that container-based deployments and microservice architectures are more secure than monolithic architectures and deployments by default.

According to Malka, "The belief that open source is more secure by design could explain why some organisations are lax when it comes to patch management. Yet, as we have seen with Log4j and Heartbleed, open source can have the same security flaws as proprietary code. Believing that open source is inherently more secure by default only further contributes to the false narrative that leaves organisations vulnerable to cyber-attacks."

The full report can be found here.

About Radware

Radware (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware's solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Read 88 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Guest Research
Tagged under

Related items

Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top