30 March 2023

API SPRAWL: It’s the No. 1 cybersecurity issue you’ve probably never heard of. And it’s only getting worse...(Jyoti Bansal writing in Forbes)

 


41 minutes ago — This is known as API sprawl. It's the No. 1 cybersecurity issue you've probably never heard of. And it's only getting worse.


"When Chinese government-backed hackers accessed the Microsoft Exchange server in 2021, they didn’t break through tough firewalls to access the network. They came right in through an open door.

Application programming interfaces, or APIs, are bits of code that allow different software applications to interface and “talk” with each other. Increasingly, hackers exploit vulnerabilities in these open portals to access sensitive data and wreak havoc.

APIs help companies deliver seamless customer experiences, but here’s the problem: Their use proliferates so quickly that most companies don’t even know which and how many APIs they are using—let alone how to protect them from attack. This is known as API sprawl. . .

Who should care about API security? Everyone.

In the 20th century, cybersecurity meant creating firewalls to restrict unauthorized users from accessing computer systems or networks. However, with the current demand for interconnectivity, software users require more. This is where APIs come into play.

As I wrote in a recent LinkedIn blog post: "If a protected network is like a walled compound, APIs are the doors and windows that allow for the free flow of traffic. They enable the countless convenient integrations we use daily, from the weather widget on the home screen of your computer to the mapping website that shows the nearest dentist to the PayPal checkout button on an e-commerce website."

Security breaches, like T-Mobile’s recent disclosure of a breach that affected approximately 37 million customers, are regular reminders of potential API vulnerabilities.

But API security is paramount when sensitive data is transferred—as in banking, telecommunications, healthcare or some government services. This year alone, hackers gained access to the sensitive health information of more than 41 million people in 482 confirmed cybersecurity breaches at U.S. hospitals, doctors' offices and other healthcare providers. . ."

READ MORE 

TechRadar
API security - why now?
Because the sprawl of APIs in organisations has created an extended attack surface that is ripe with low effort, high reward opportunities.
.
5 days ago

No comments:

CRYPTO MEME TOKEN JUMPS: Creating Market Value

Dogecoin increased by as much as 24.6% on Tuesday to nearly $0.44 and by about 10% on Wednesday to over $0.42 as of around 10:25 a.m. EST, s...