
Insecure API and Bot Attacks Cost Global Firms $186bn

According to a new study from Thales, rising API adoption and AI-powered bot attacks are costing global organizations tens of billions of dollars annually.

The firm’s new Economic Impact of API and Bot Attacks report is based on an analysis of 161,000 cybersecurity incidents by Thales business unit Imperva and the Marsh McLennan Cyber Risk Intelligence Center.

It claimed that the cost of insecure APIs has increased from $12bn in 2021 to $35-87bn today, while up to $116bn can be attributed to bot attacks. The average losses associated with bot and API threats are $94-186bn.

The report noted that rapid adoption of APIs, low levels of in-house know-how, and poor communication between security and development teams are exacerbating the problem. Threat actors often use automated bots to probe for exposed, insecure, and/or misconfigured APIs.

APIs are a popular target as they can provide a direct pathway to sensitive enterprise and customer data.

The report also claimed that generative AI is helping even inexperienced threat actors to launch sophisticated bot attacks by enhancing evasion techniques.

Larger Companies in the Crosshairs

Thales revealed that companies with revenue of at least $100bn are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats comprise 26% of all security incidents organizations face, compared to an average of 12%.

The reason is that larger companies are more likely to have large, complex API ecosystems that contain exposed and insecure APIs. According to the report, the average enterprise managed 613 API endpoints in production last year.

“Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models,” argued Nanhi Singh, general manager of application security at Imperva.

“At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”

He added that the threat’s interconnected nature means organizations must integrate security strategies for bot and API attacks.

Source: https://www.infosecurity-magazine.com/news/insecure-apis-bot-attacks-cost/
