Shadow APIs pose serious threat to fintechs, report finds

A third of all financial services’ API traffic is going unmonitored, Imperva Threat Research has found, in what should be a concern for many businesses

Cybersecurity leader Imperva has released new research showing that the volume of cyber threats directed towards the financial services and insurance (FSI) industry has grown rapidly over the course of the last year, driven by digital transformation and regulations such as Open Banking. 

Imperva Threat Research found that more than a quarter of all cyberattacks (28%) hit FSI businesses, double that of the next most-targeted sector, while Application Programming Interface (API) abuse, DDoS attacks, and bad bots were three of the biggest cybersecurity challenges for the industry.

Growing risk of API security threats

Having transformed the digital ecosystem, APIs have given rise to the open banking and embedded finance wave that has gone global since the COVID-19 pandemic. Digital transformation was fast-tracked, forcing legacy institutions to adopt new, faster transactional technologies provided by digital partners.

However, the growing risk associated with API-related security threats should be particularly concerning for the financial services industry, as APIs are the invisible connective tissue that enables applications to share data and ‘talk’ to each other. Imperva Threat Research found that 30% of all API traffic in this industry goes through shadow APIs, which represents a major security risk for businesses. Shadow APIs are ones which are unsupervised or outside of the security team’s visibility, yet connect directly to backend databases where sensitive data is stored. In recent years, hackers have increasingly targeted APIs as a pathway to the underlying infrastructure to exfiltrate sensitive information, with one in every 13 cyber incidents estimated to be related to API insecurity.  

Since 2018, Open Banking has required banks and other financial businesses to allow third-party providers access to customers’ banking data through APIs, dramatically increasing the amount of sensitive financial data they exchange. Open Banking and digital transformation have significantly increased the number of APIs used in the financial services industry. Nearly half of all businesses have between 50 and 500 APIs deployed, while many large enterprises already have over a thousand active APIs. The scale of unmonitored API traffic is substantially higher than in other industries, suggesting that FSI companies’ implementation of Open Banking standards may have inadvertently created a serious, industry-wide security threat.

“The scale of the shadow API problem should be a concern for every business,” says Andy Zollo, RVP for EMEA at Imperva. “The idea that a third of all that traffic is going unmonitored shows that organisations urgently need to address their API protection strategies. APIs connect directly to the data layer, so businesses have to see API security as an extension of their data security strategy. Every organisation needs full visibility over every API in their environment, what data is flowing through each one, and who’s accessing it.”
