Shadow APIs pose serious threat to fintechs, report finds

A third of all financial services’ API traffic is going unmonitored, Imperva Threat Research has found, in what should be a concern for many businesses

Cybersecurity leader Imperva has released new research showing that the volume of cyber threats directed towards the financial services and insurance (FSI) industry has grown rapidly over the course of the last year, driven by digital transformation and regulations such as Open Banking. 

Imperva Threat Research found that more than a quarter of all cyberattacks (28%) hit FSI businesses, double that of the next most-targeted sector, while Application Programming Interface (API) abuse, DDoS attacks, and bad bots were three of the biggest cybersecurity challenges for the industry.

Growing risk of API security threats

Having transformed the digital ecosystem, APIs have given rise to the open banking and embedded finance wave that has gone global since the COVID-19 pandemic. Digital transformation was fast-tracked, forcing legacy institutions to adopt new, faster transactional technologies provided by digital partners.

However, the growing risk associated with API-related security threats should be particularly concerning for the financial services industry, as APIs are the invisible connective tissue that enables applications to share data and ‘talk’ to each other. Imperva Threat Research found that 30% of all API traffic in this industry goes through shadow APIs, which represents a major security risk for businesses. Shadow APIs are those that are unsupervised or outside the security team’s visibility, yet connect directly to backend databases where sensitive data is stored. In recent years, hackers have increasingly targeted APIs as a pathway to the underlying infrastructure to exfiltrate sensitive information, with one in every 13 cyber incidents estimated to be related to API insecurity.

Since 2018, Open Banking has required banks and other financial businesses to allow third-party providers access to customers’ banking data through APIs, dramatically increasing the amount of sensitive financial data they exchange. Open Banking and digital transformation have significantly increased the number of APIs used in the financial services industry. Nearly half of all businesses have between 50 and 500 APIs deployed, while many large enterprises already have over a thousand active APIs. The scale of unmonitored API traffic is substantially higher than in other industries, suggesting that FSI companies’ implementation of Open Banking standards may have inadvertently created a serious, industry-wide security threat.

“The scale of the shadow API problem should be a concern for every business,” says Andy Zollo, RVP for EMEA at Imperva. “The idea that a third of all that traffic is going unmonitored shows that organisations urgently need to address their API protection strategies. APIs connect directly to the data layer, so businesses have to see API security as an extension of their data security strategy. Every organisation needs full visibility over every API in their environment, what data is flowing through each one, and who’s accessing it.”
