According to a new study from Thales, API adoption and AI-powered bot attacks are on the rise and are costing global organizations tens of billions of dollars annually.
The firm’s new Economic Impact of API and Bot Attacks report is based on an analysis of 161,000 cybersecurity incidents by Thales business unit Imperva and the Marsh McLennan Cyber Risk Intelligence Center.
It claimed that the cost of insecure APIs has increased from $12bn in 2021 to $35-87bn today, while up to $116bn can be attributed to bot attacks. The average losses associated with bot and API threats are $94-186bn.
The report noted that rapid adoption of APIs, low levels of in-house know-how, and poor communication between security and development teams are exacerbating the problem. Threat actors often use automated bots to probe for exposed, insecure, and/or misconfigured APIs.
APIs are a popular target as they can provide a direct pathway to sensitive enterprise and customer data.
The report also claimed that generative AI is helping even inexperienced threat actors to launch sophisticated bot attacks by enhancing evasion techniques.
Larger Companies in the Crosshairs
Thales revealed that companies with revenue of at least $100bn are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats comprise 26% of all security incidents organisations face, compared to an average of 12%.
The reason is that more prominent companies are more likely to have large, complex API ecosystems that contain exposed and insecure APIs. According to the report, the average enterprise managed 613 API endpoints in production last year.
“Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models,” argued Nanhi Singh, general manager of application security at Imperva.
“At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”
He added that the threat’s interconnected nature means organizations must integrate security strategies for bot and API attacks.
Source: https://www.infosecurity-magazine.com/news/insecure-apis-bot-attacks-cost/