PRESS RELEASE
CAMBRIDGE, Mass., March 19, 2024/PRNewswire/ — Akamai Technologies, Inc. (NASDAQ:AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report.
Lurking in the shadows: Attack trends shed light on API threats highlights the array of attacks targeting APIs and finds that 29% of overall web attacks targeted APIs from January to December 2023. Commerce is the most attacked vertical with 44% of API attacks, followed by business services with almost 32%.
APIs are vital to most organizations because they improve employee and customer experiences. Unfortunately, cybercriminals have exploited this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to increase as demand for API usage increases and urges organizations to adequately account for and secure their APIs.
This latest research analyzes some of the most common problem areas regarding both posture and runtime challenges. It offers several case studies that highlight the real-world implications of API security for organizations and features in-depth reports with data for the Europe, Middle East and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.
Other key findings from the report include:
● Abuse of business logic is a critical concern because it is difficult to detect anomalous API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in API activity are at risk of runtime attacks such as data scraping, a new data breach vector that uses authenticated APIs to slowly extract data from within.
● The range of API attacks includes proven methods such as Local File Inclusion (LFI), Structured Query Language injection (SQLi) and Cross-Site Scripting (XSS) to infiltrate their targets.
● APIs are at the heart of most digital transformations today, so it’s critical to understand industry trends and relevant use cases, such as loyalty fraud, abuse, authorization and card attacks.
● Organizations should think about compliance requirements and emerging legislation early in the security strategy process to avoid the need to redesign.
“APIs are increasingly critical to organizations, but their security is often not designed around their capabilities, or the security team is unable to keep up with the rapid deployment of new technology,” said Steve Winterfeld, Advisory CISO at Akamai. “Lurking in the Shadows: Attack Trends Shine Light on API Threats provides insight and visibility to help organizations leverage best practices to protect customers.”
This year marks the tenth anniversary of Akamai State of the Internet (SOTI) report.. The SOTI series provides expert insights into the cloud security and web performance landscape, based on data collected from the Akamai Connected Cloud.
About Akamai
Akamai powers and protects life online. Leading companies around the world choose Akamai to create, deliver and secure their digital experiences, helping billions of people live, work and play every day.
Akamai Connected Cloud, a widely distributed edge and cloud platform, brings apps and experiences closer to users and wards off threats. Learn more about Akamai’s cloud computing, security and content delivery solutions at akamai.com AND akamai.com/blogor follow Akamai Technologies on Xformerly known as Twitter, e LinkedIn.