
Insecure API and Bot Attacks Cost Global Firms $186bn


According to a new study from Thales, increased API adoption and AI-powered bot attacks are on the rise and costing global organizations tens of billions of dollars annually.

The firm’s new Economic Impact of API and Bot Attacks report is based on an analysis of 161,000 cybersecurity incidents by Thales business unit Imperva and the Marsh McLennan Cyber Risk Intelligence Center.

It claimed that the cost of insecure APIs has increased from $12bn in 2021 to $35-87bn today, while up to $116bn can be attributed to bot attacks. The average losses associated with bot and API threats are $94-186bn.

The report noted that rapid adoption of APIs, low levels of in-house know-how, and poor communication between security and development teams are exacerbating the problem. Threat actors often use automated bots to probe for exposed, insecure, and/or misconfigured APIs.

APIs are a popular target as they can provide a direct pathway to sensitive enterprise and customer data.

The report also claimed that generative AI is helping even inexperienced threat actors to launch sophisticated bot attacks by enhancing evasion techniques.


Larger Companies in the Crosshairs

Thales revealed that companies with revenue of at least $100bn are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats comprise 26% of all security incidents these organizations face, compared to an average of 12%.

The reason is that more prominent companies are more likely to have large, complex API ecosystems that contain exposed and insecure APIs. According to the report, the average enterprise managed 613 API endpoints in production last year.

“Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models,” argued Nanhi Singh, general manager of application security at Imperva.

“At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”

He added that the threat’s interconnected nature means organizations must integrate security strategies for bot and API attacks.

Source: https://www.infosecurity-magazine.com/news/insecure-apis-bot-attacks-cost/
