Australian businesses see rising annual losses linked to API insecurity, automated abuses

by Azunta Gaviola - 3 weeks ago


Sydney, Australia – Application Program Interface (API) insecurity and automated abuse from bots are increasingly becoming interconnected and prevalent, costing businesses in Australia US$2b of losses every year. This is according to the latest research from cybersecurity firm Thales, which also revealed that four cybersecurity incidents in the country are causing these costs. 

Data from the report found that in 2023, the Asia-Pacific region experienced 17.7% of global API and bot-related security incidents, resulting in more than US$16.6b in business losses.

With 14% of global API-related attacks and 24% of bot-related attacks, the region also recorded the highest rate for API incidents and second highest globally after Africa.

Larger organisations were also noted to be statistically more likely to have a higher percentage of security incidents that involve both insecure APIs and bot attacks. On the other hand, enterprises with revenues of more than US$1b were 2-3x more likely to experience automated API abuse by bots than small or midsize businesses.

These figures implied the increasing vulnerability of large companies to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems.

Furthermore, the study also revealed the average enterprise managed 613 API endpoints in production last year, noting the number’s rapid growth as businesses face mounting pressure to deliver digital services with greater agility and efficiency.

Due to this increased reliance and their direct access to sensitive data, APIs have also become attractive targets for bot operators. 

In 2023, automated threats accounted for 30% of all global API attacks, according to data from Imperva Threat Research.

Recently, it was observed that automated API abuse by bots costs organisations up to US$17.9b every year. These incidents can be attributed to the rising number of APIs in production, with cybercriminals expected to use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.

Apart from these findings, Thales also reported that the rapid adoption of APIs, the inexperience of many API developers, and a lack of collaboration between security and development teams have led insecure APIs to now result in up to US$87b of losses annually, a US$12b increase from 2021.

Interestingly, the widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. The report found that up to US$116b of losses annually can be attributed to automated attacks by bots.

Additionally, API and bot-related security incidents are becoming more frequent, with API-related security incidents rising by 40% and bot-related security incidents spiking by 88%, both in 2022. In the following year, API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%.

Insecure APIs and bot attacks were further observed to pose a significant threat to large enterprises, with the report finding companies with revenue of at least US$100 billion to be the most vulnerable to security incidents related to insecure APIs or bot attacks.

“Many businesses across APJ are unaware that undesirable bot traffic is impacting their bottom line by targeting their applications, APIs, and infrastructure. Business leaders can’t manage this risk if they’re unaware of it or don’t fully understand it,” said Reinhart Hansen, director of technology, Asia Pacific and Japan, at Imperva, a Thales company.

He further continued, “The same can also be said about lack of visibility across an organisation’s API endpoint assets and the data they exchange, internally, publicly, and directly with third parties. Without an accurate and continuously updated API endpoint inventory and security assessment, organisations remain open to significant security risks, such as large-scale data loss and exfiltration.”

“API ecosystems will continue to grow exponentially, driving connections to generative AI applications and large language models. In parallel, cybercriminals will leverage emerging technologies to create sophisticated bots at an accelerated and alarming pace. Business leaders should take proactive measures to assess and interpret the potential risk to their bottom line and adopt a holistic solution that covers the entire application landscape without impacting the end-user experience,” concluded Hansen.
