Today Salt Security have released the findings from their latest Salt Labs State of API Security Report, Q1 2023, which found that there has been a 400% increase in unique attackers (over 4800) in the last six months. The report makes it clear that attackers are getting wise to exploiting APIs – and they’re persistent. Attackers will try time and time again until something works. Last year’s report found that API attacks increased 681% in the last 12 months.
The report also found that 80% of attacks happened over authenticated APIs, making it a widespread problem for all. Given that it is one of the easiest types of attack to execute, it is no surprise that attackers are increasingly targeting this route into an organisation.
The State of API Security Report pulls data from a combination of nearly 400 survey responses and empirical data from Salt customers across a range of industries, company sizes, and job responsibilities. This year’s report, the company’s fifth, provides the deepest insights yet, including “in the wild” API vulnerability research from Salt Labs that demonstrates how respondents’ top concerns in API security manifest in real-world scenarios.
Key findings from the report include:
- API security has emerged as a significant business issue, not just a security problem, with 48% of survey respondents saying that API security has become a C-level discussion over the past year.
- The top two most valued API security capabilities are to stop attacks (44%) and identify PII exposure (44%). The ability to implement shift-left practices rated the lowest (22%).
- Vulnerabilities discovered in the wild represent a critical concern for small and large businesses alike.
- “Zombie” APIs, followed by account takeover (ATO), top the list of API worries. In fact, 54% of respondents said outdated or “zombie” APIs are a high concern, up from 42% in the last quarter.
Data from the report shows that reliance on APIs continues to grow as they become ever more imperative to organisations’ success. At the same time, APIs are becoming harder to protect as attacks increase exponentially and traditional tools and processes cannot stop them. The findings from Salt Labs highlight why 2023 has been dubbed the “Year of API Security”.