We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!
Today, Imperva released a report entitled The Cost of API Insecurity, which analyzed approximately 117,000 security incidents and found that API costs the organization between $ 41 billion and $ 75 billion annually.
It turns out that large organizations are at greater risk of API-related breaches, with enterprises earning more than $ 100 billion being three to four times more likely to experience API vulnerabilities than small or medium-sized businesses.
Above all, the report highlights that failing to prioritize APIs is a costly mistake, especially when many insecure APIs are directly connected to backend databases where sensitive data is vulnerable to access and exfiltration.
How is the enterprise getting API security so wrong?
Organizations have consistently failed to secure APIs, with 95% of organizations experiencing API security incidents in the last 12 months, and 34% admitting that they lack any form of API security strategy – despite running APIs in production.
“Many organizations have failed to secure their APIs because they need the equal participation of security and development teams,” said Labin Chang, API Security, vice president of Imperwana. “Historically, these groups have been at odds – security is a small party, and Devops are irresponsible and moving too fast.”
“To address these challenges, security leaders need to enable application developers to create secure code using technology that works lightly and efficiently,” Chang added.
Chang recommends that any solutions that security teams deploy should include API search and data classification. In this way, analysts can detect the API’s schema, identify and classify the data flowing through it, and use the test to detect any potential vulnerabilities.
API Security Landscape
With the widespread adoption of hybrid and multicloud environments, many organizations are beginning to look for solutions that can secure existing APIs in this decentralized environment.
One of the leading providers in charge of securing the API is Salt Securities, which raised $ 140 million as part of a Category D funding round and achieved a $ 1.4 billion valuation earlier this year. Salt Security provides an API protection platform that uses AI and machine learning to scan for APIs, vulnerabilities and open data.
Another major provider on the market is Nonam Securities, which provides real-time automated search and response solutions to API-powered threats, and raised $ 135 million last year as part of a Category C funding round (valued at $ 1 billion).
The focus on API security is also growing among smaller providers, such as Corsha, which raised $ 12 million as part of a Category A funding round earlier this year.
Venturebeat’s mission Digital Town Square is set to become a place for technical decision makers to gain knowledge about the changing enterprise technology and practices. Learn more about membership.