First, the good news is that, manufacturing for instance saw its application programming interface (API) security incidents decrease by over 7% last year according to a recent study conducted by Noname Security. Now, the bad thing is that, cyber security remains an issue of concern in every industry. The report stated that there was a rise of three percent in API events recorded in 2023 compared to 2022 and 73% among other manufacturing companies.
Last year’s most affected were the financial services firms, retail and e-commerce companies and healthcare organizations probably because they deal with a lot of personally identifiable information (PII) from customers. This is different from what used to happen in 2022 when manufacturers had the highest instances.
However, all businesses are still at risk from hackers’ activities. Some years back even firms with sound cybersecurity systems such as X (formerly Twitter) or Dropbox have been victims of major API hacks. The consequences can be dire. Half of respondents surveyed by Noname Security cited customer churn as their reason for high number of API security incidents while another problem was costs related to developing and implementing solutions.
Why API security remains an important ongoing challenge
APIs enable software components to interact with each other, including when they are on the same device, in a shared network or even within one application. In addition to being useful for developers, they also serve as potential keys to criminals who seek to collect personal data and important company information.
The other thing that makes APIs difficult to protect is that they are ubiquitous. Noname Security suggests that up to 80 percent of all Internet traffic today accounts for API traffic. The report by 451 Research has it that companies have on average 15,564 APIs in use at any one time; this figure jumps to over 25,000 for large enterprises with more than 10,000 employees.
How to improve your API security
To ensure data security, some API security policies and procedures should be implemented. Here are three steps you can take immediately to keep potential hackers out:
1. Your APIs must be secure from the beginning and continually tested.
More than 85% of API flaws including security issues occur in development, mostly during the initial coding. For this reason, testing on-the-fly is important since it is much cheaper to stop a vulnerability or fix a problem before it gets deployed. However, as per Noname Security report 2023, only 12% of manufacturing companies did that last year. However, businesses have been mindful; at least once a day according to 38% of respondents who said they test while 40% said that they conduct tests not more than once per week.
Luckily, these numbers can easily improve today due to new tools that enable fast, efficient and scalable API testing without adding more burden on developers.
2. Gain visibility into all the APIs you use.
According to a report by Noname Security, of the American companies surveyed in 2023, 72% had full inventory of APIs but only 40% know which ones were returning confidential information. Noname Security’s report reveals that though 26% have some listed yet only 24% understand what to consider first. Has to be reformed. One cannot accurately evaluate risks or exposure without this set of missing data.
The best way to obtain more visibility is through tools that make an operational API catalog for businesses. The next step in the process is figuring out which APIs are important. Moreover, knowing where sensitive data is passing through APIs can help organizations comply with Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) among other regulations. According to the results of one survey conducted among manufacturers in 2023, over 80% indicated that their use of APIs helped them do precisely this.
3. Choose somebody who will be the champion of API.
One person or a team of people can be assigned to be an API champion, which can in turn enhance organizational strategic approach towards security and activeness. This individual or group is able to assist business leadership in gauging their current level of security, identifying possible weak points and developing a contingency plan for emergencies when such incidents occur using APIs. More importantly, this champion could train other groups within the organization so that security becomes part of every stage during the development of applications.
We see some of it actually happened already. In 2022, Noname Security discovered that most industry-related API breaches were caused by dormant and zombie APIs. The following year most companies took care of it; thus, it stopped being an issue. Concerning web application firewalls, let’s concentrate on them in 2024.
Final Verdict
Manufacturers are surely aware how crucial data protection is . According to Noname Security research published in 2023 , 75% manufacturing respondents indicated that API security was more important over last one year meanwhile only 9% ranked it as less important. However, caution should not go amiss because criminals on the Internet improve their methods daily attacking broader surfaces. It is necessary to focus on API security for ensuring data safety and driving positive business results by 2024.
