Shadow APIs pose serious threat to fintechs, report finds

A third of all financial services’ API traffic is going unmonitored, Imperva Threat Research has found, in what should be a concern for many businesses

Cybersecurity leader Imperva has released new research showing that the volume of cyber threats directed towards the financial services and insurance (FSI) industry has grown rapidly over the course of the last year, driven by digital transformation and regulations such as Open Banking. 

Imperva Threat Research found that more than a quarter of all cyberattacks (28%) hit FSI businesses, double that of the next most-targeted sector, while Application Programming Interface (API) abuse, DDoS attacks, and bad bots were the three of the biggest cybersecurity challenges for the industry. 

Growing risk of API security threats

Having transformed the digital ecosystem, APIs have given rise to the open banking and embedded finance wave that has literally gone global since the COVID-19 pandemic. Digital transformation was fast-tracked, forcing legacy institutions to adopt new, faster transactional technologies provided by digital partners.

However, the growing risk associated with API-related security threats should be particularly concerning for the financial services industry, as APIs are the invisible connective tissue that enables applications to share data and ‘talk’ to each other. Imperva Threat Research found that 30% of all API traffic in this industry goes through shadow APIs, which represents a major security risk for businesses. Shadow APIs are ones which are unsupervised or outside of the security team’s visibility, yet connect directly to backend databases where sensitive data is stored. In recent years, hackers have increasingly targeted APIs as a pathway to the underlying infrastructure to exfiltrate sensitive information, with one in every 13 cyber incidents estimated to be related to API insecurity.  

Since 2018, Open Banking has required banks and other financial businesses to allow third-party providers access to customers’ banking data through APIs, dramatically increasing the amount of sensitive financial data they exchange. Open Banking and digital transformation have significantly increased the number of APIs used in the financial services industry. Nearly half of all businesses have between 50-500 deployed, while many large enterprises already have over a thousand active APIs. The scale of unmonitored API traffic is substantially higher than in other industries, suggesting that FSI companies’ implementation of Open Banking standards may have inadvertently created a serious, industry-wide security threat. 

“The scale of the shadow API problem should be a concern for every business,” says Andy Zollo, RVP for EMEA at Imperva. “The idea that a third of all that traffic is going unmonitored shows that organisations urgently need to address their API protection strategies. APIs connect directly to the data layer, so businesses have to see API security as an extension of their data security strategy. Every organisation needs full visibility over every API in their environment, what data is flowing through each one, and who’s accessing it.”


Featured Articles

Gen AI Boom Drives Nvidia Value to Overtake Microsoft

Nvidia surpasses Microsoft to become the most valuable company, with its AI and chip developments tripling stock and prompting a US$3.3tn market cap

IBM & Wimbledon: AI Is Changing the Game for Sports

IBM and The All England Lawn Tennis Club have unveiled AI features for Wimbledon that will provide real-time analysis and expanded, personalised content

Zoom: Powering EMEA with a Partner-Led Focus

We examine how Zoom is moving towards greater digital transformation via its EMEA partnership channels, inspiring the next generation of collaboration

Schneider Electric: UK&I President Grows Her Europe Presence

Digital Transformation

DTW24 Ignite: AI to Power the Next Generation of Technology

Digital Transformation

SolarWinds: IT Professionals Worry about AI Integration Risk

AI & Machine Learning