Shadow APIs pose serious threat to fintechs, report finds
Cybersecurity leader Imperva has released new research showing that the volume of cyber threats directed towards the financial services and insurance (FSI) industry has grown rapidly over the course of the last year, driven by digital transformation and regulations such as Open Banking.
Imperva Threat Research found that more than a quarter of all cyberattacks (28%) hit FSI businesses, double that of the next most-targeted sector, while Application Programming Interface (API) abuse, DDoS attacks, and bad bots were three of the biggest cybersecurity challenges for the industry.
Growing risk of API security threats
Having transformed the digital ecosystem, APIs have given rise to the open banking and embedded finance wave that has literally gone global since the COVID-19 pandemic. Digital transformation was fast-tracked, forcing legacy institutions to adopt new, faster transactional technologies provided by digital partners.
However, the growing risk associated with API-related security threats should be particularly concerning for the financial services industry, as APIs are the invisible connective tissue that enables applications to share data and ‘talk’ to each other. Imperva Threat Research found that 30% of all API traffic in this industry goes through shadow APIs, which represents a major security risk for businesses. Shadow APIs are ones which are unsupervised or outside of the security team’s visibility, yet connect directly to backend databases where sensitive data is stored. In recent years, hackers have increasingly targeted APIs as a pathway to the underlying infrastructure to exfiltrate sensitive information, with one in every 13 cyber incidents estimated to be related to API insecurity.
Since 2018, Open Banking has required banks and other financial businesses to allow third-party providers access to customers’ banking data through APIs, dramatically increasing the amount of sensitive financial data they exchange. Open Banking and digital transformation have significantly increased the number of APIs used in the financial services industry. Nearly half of all businesses have between 50 and 500 APIs deployed, while many large enterprises already have over a thousand active APIs. The scale of unmonitored API traffic is substantially higher than in other industries, suggesting that FSI companies’ implementation of Open Banking standards may have inadvertently created a serious, industry-wide security threat.
“The scale of the shadow API problem should be a concern for every business,” says Andy Zollo, RVP for EMEA at Imperva. “The idea that a third of all that traffic is going unmonitored shows that organisations urgently need to address their API protection strategies. APIs connect directly to the data layer, so businesses have to see API security as an extension of their data security strategy. Every organisation needs full visibility over every API in their environment, what data is flowing through each one, and who’s accessing it.”