Vulnerable APIs and Bot Attacks Costing Businesses up to $186 Billion Annually
September 18 2024 - 9:00AM
Business Wire
- API insecurity and automated abuse by bots responsible for up
to 11.8% of cyber events and losses globally
- Bot-related security incident count rose 88% in 2022 and 28% in
2023
- Insecure APIs result in up to $12 billion more in losses than
they did in 2021
Thales, the cybersecurity leader that protects critical
applications, APIs, and data, anywhere at scale, releases the
“Economic Impact of API and Bot Attacks” report. The analysis of
more than 161,000 unique cybersecurity incidents uncovers the
rising global costs of vulnerable or insecure APIs and automated
abuse by bots, two security threats that are increasingly
interconnected and prevalent. The report estimates that API
insecurity and bot attacks result in up to $1861 billion of losses
for businesses around the world.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20240918198180/en/
©Thales
The report is based on a study conducted by the Marsh McLennan
Cyber Risk Intelligence Center which found that larger
organizations were statistically more likely to have a higher
percentage of security incidents that involved both insecure APIs
and bot attacks. Enterprises with revenues of more than $1 billion
were 2-3x more likely to experience automated API abuse by bots
than small or mid-size businesses. The study suggests that large
companies are particularly vulnerable to security risks associated
with automated API abuse by bots because of complex and widespread
API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless
communication between diverse applications and services. Data from
the Imperva Threat Research team, finds that the average enterprise
managed 613 API endpoints in production last year. That number is
growing rapidly as businesses face mounting pressure to deliver
digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to
sensitive data, APIs have become attractive targets for bot
operators. In 2023, automated threats generated by bots accounted
for 30% of all API attacks, according to data from Imperva Threat
Research. Today, automated API abuse by bots costs organizations up
to $17.9 billion of losses annually. As the number of APIs in
production multiplies, cybercriminals will increasingly use
automated bots to find and exploit API business logic, circumvent
security measures, and exfiltrate sensitive data.
“It’s imperative that businesses across the world address the
security risks posed by insecure APIs and bot attacks, or they face
a substantial economic burden,” says Nanhi Singh, General
Manager of Application Security at Imperva, a Thales company.
“The interconnected nature of these threats necessitates that
companies take a holistic approach, integrating comprehensive
security strategies for both bot and API attacks.”
Some of the key trends identified in the report include:
- Increased API adoption and usage is growing the attack
surface: The rapid adoption of APIs, inexperience of many API
developers, and lack of collaboration between security and
development teams has led insecure APIs to now result in up to $87
billion of losses annually, a $12 billion increase from 2021.
- Bots negatively impact organizations’ bottom line: The
widespread availability of attack tools and generative AI models
has enhanced bot evasion techniques and enabled even low-skilled
attackers to launch sophisticated bot attacks. Up to $116 billion
of losses annually can be attributed to automated attacks by
bots.
- API and bot-related security incidents are becoming more
frequent: In 2022, API-related security incidents rose by 40%,
and bot-related security incidents spiked by 88%. These increases
were fueled by a rise in digital transactions, the expanding use of
APIs, and geopolitical tensions like the Russia-Ukraine conflict.
In the following year 2023, as digital traffic began to stabilize
and the pandemic-driven surge in internet activity subsided, the
frequency of these incidents moderated. API-related security
incidents grew by 9%, while bot-related security incidents jumped
by 28%. The overall upward trend in attacks highlights the growing
persistence and frequency of these threats.
- Insecure APIs and bot attacks pose a significant threat to
large enterprises: Companies with revenue of at least $100
billion are most likely to suffer security incidents related to
insecure APIs or bot attacks. These threats constitute up to 26% of
all security incidents experienced by such businesses.
- Countries around the globe are vulnerable to API and bot
attacks: Brazil experienced the highest percentage of events
related to insecure APIs or bot attacks, with the threats
accounting for up to 32% of all observed security incidents. This
was closely followed by France (up to 28%), Japan (up to 28%), and
India (up to 26%). While the percentage of events attributed to API
and bot-related security incidents was lower in the United States,
66% of all reported events related to vulnerable APIs or automated
abuse by bots occurred within the country.
“Reliance on APIs will continue to grow exponentially, driving
connections to generative AI applications and large language
models,” adds Singh. “At the same time, generative AI will also
empower cybercriminals to create sophisticated bots at an
accelerated and alarming rate. As API ecosystems expand and bots
become more advanced, organizations should anticipate a significant
rise in the economic impact of automated API abuse by bots unless
proactive measures are taken.”
Additional Information:
- Download a copy of the “Economic Impact of API and Bot Attacks”
report for additional insights on the business impact of API and
bot-related security incidents.
- See how Imperva Advanced Bot Protection and API Security can
protect websites, applications, and APIs from automated attacks and
without affecting the flow of business-critical traffic.
- Read the Imperva Blog (Imperva, a Thales company) for the
latest product and solution news, and threat intelligence from
Imperva Threat Research.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced
technologies specialized in three business domains: Defence &
Security, Aeronautics & Space, and Cybersecurity & Digital
identity.
It develops products and solutions that help make the world
safer, greener and more inclusive.
The Group invests close to €4 billion a year in Research &
Development, particularly in key innovation areas such as AI,
cybersecurity, quantum technologies, cloud technologies and 6G.
Thales has close to 81,000 employees in 68 countries. In 2023,
the Group generated sales of €18.4 billion.
PLEASE VISIT
Thales Group
Cloud Protection & Licensing Solutions | Thales Group
Cybersecurity Solutions | Thales Group
News Highlights and Awards | Imperva
____________________
1 The overall total does not double count events that are both
API and bot related.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240918198180/en/
PRESS CONTACT Thales, Media Relations
Security & Cybersecurity Marion Bonnet +33 (0)6 60 38 48
92 marion.bonnet@thalesgroup.com
Thales (EU:HO)
Historical Stock Chart
From Oct 2024 to Nov 2024
Thales (EU:HO)
Historical Stock Chart
From Nov 2023 to Nov 2024