Are APIs the Key to Digital Innovation or a Trojan Horse?

With businesses under pressure to deliver continuous innovation, APIs stand as both the linchpins of progress and potential vectors of risk. Their ability to enhance system connectivity and streamline operations is undisputed. Yet, APIs have increasingly become favored targets for cybercriminals, serving as gateways for account takeover attacks and identity theft.

Without robust protection, APIs are vulnerable to cyberattacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud. The ease with which attackers can deploy such tactics, thanks to readily available scripts and tools, underscores a grim reality: businesses’ legacy defenses are often ill-equipped to fend off these advanced threats.

This is why we commissioned a new report surveying 235 IT and cybersecurity decision-makers across Europe, to shed light on the state of API security. The findings are a reminder of the need for enhanced protective measures. The report offers crucial insights into companies' API security concerns, providing essential input to shape cybersecurity strategies and help establish a secure digital environment.

We found that 84% of respondents admitted to not having any kind of advanced API security in place. What’s more, only 14% viewed using AI technologies in API security as a priority. This lack of preparedness is not confined to specific sectors. Even highly regulated sectors, such as finance and insurance, find themselves outmatched by the sophistication of attacks on their APIs. Interestingly, only 80% of respondents in financial services placed a high or very high level of importance on API security. This compares with 89% in wholesale, retail and e-commerce.

Other key findings from our report

  • In the last year, 95% of respondents encountered API security issues. Of these, 39% dealt with API vulnerabilities, while 33% encountered authentication problems.

  • 69% of respondents express interest in a unified solution for web application and API security from a single provider.

  • To detect an API attack, 55% of respondents rely on API gateway alerts, 46% search log data, and 37% utilize a WAF.

What, then, is the path forward? How can companies fortify their digital assets against cyber threats?

The roadmap to secure APIs

The first step in reinforcing defenses is to integrate web application and API security solutions from a single provider. This consolidated approach ensures a seamless security posture across all digital touchpoints, reducing the complexity and potential gaps that could be exploited by attackers.

For example, Fastly’s API security enables visibility and protection against OWASP’s Top 10 API Security Risks and payloads, targeting specific API protocols to protect APIs everywhere they live. Our protection enhances companies’ security postures, unifies visibility and decision-making, and empowers application development for organizations making their applications faster, safer, and more engaging.

Furthermore, incorporating AI-based tools into a business's security arsenal could be a step forward in tackling the complexity of the API landscape. Our report found that 58% of security professionals anticipate that generative AI will have a ‘large or very large’ impact on API security over a window of approximately 2-3 years. This expectation increases to 75% among financial institutions and insurers. That said, there is currently little enthusiasm for this. Only 14% of the individuals surveyed regarded the use of AI technologies in API security as a priority.

Going forward, secure APIs are critical. They are a key driver of digital progress, enabling innovation and growth. However, as our report reveals, there is an urgent need for heightened awareness and action to protect against cyber threats. By embracing a unified and potentially AI-enhanced approach to security, companies can ensure that their APIs serve as conduits for innovation, not vulnerabilities waiting to be exploited.

Download the full report now to delve into key findings, vertical insights, and regional data, enabling the creation of a secure digital environment.

Jay Coley
Senior Security Architect


After spending time in the U.S. military, Prolexic Technologies – the first full cloud DDoS mitigation platform – Akamai Technologies, and more recently Trend Micro, Jay Coley brings over 25 years of security experience to Fastly. Jay's role is to increase industry focus and visibility on the Fastly Edge platform as a fully-fledged security vendor in EMEA.
