A new report from Noname Security has revealed that web application program interfaces (APIs) are growing in popularity, potentially putting data, including consumer details, at risk.
What is an API?
An API allows two or more applications to talk to each other.
For example, say you get a quote for an insurance product. Companies that provide quotes could use an API to populate their systems that produce your cover documents and generate your renewal next year.
APIs can have a significant impact on the efficiency of a business by facilitating things like automation. They’re why you can often change your insurance policy or confirm a renewal by clicking a button rather than having to pick up the phone.
Noname found that the average company utilises 15,564 overall, a 201% increase on last year.
But these APIs are causing large-scale security concerns, too.
Is business API use leading to data breaches?
It certainly seems to be that way.
Noname found that among 3,000 employees across 350 businesses:
- 41% of companies had experienced an API-related cybersecurity incident in the last year
- 63% of these incidents involved a data breach or loss
Recently, a well-publicised cybersecurity incident involving popular marketing automation and email marketing platform MailChimp saw attackers access API keys, which would have allowed them to send fraudulent emails to unsuspecting recipients.
What do businesses have in place to prevent this?
While 90% of companies told Noname they had API authentication policies in use, nearly a third said they lacked confidence their policies provided adequate cybersecurity protection.
Meanwhile, 35% said they had experienced project delays due to API security concerns. 87% of those said they thought their companies could have avoided these delays if they integrated API security testing into development pipelines.
Finally, 51% of businesses told Noname they had complete confidence in their API inventories. Should there be a spate of API driven data breaches throughout 2022, we may reflect on this as false confidence, an issue that was highlighted in a recent Experian report looking into data breaches and crisis preparation.
If businesses are using APIs to handle and process your data, they have a duty to protect you
Regardless of the tools companies and other organisations use to handle, process, and analyse your data, they have a duty to protect you and your privacy.
If your privacy is compromised due to a flaw in an API or by any other means, you may be entitled to compensation. Contact us here for a free, no-obligation review of your potential data breach claim.