Salt Security recently released the findings of its latest State of API Security Report, Q3 2022, which the company conducts every six months in line with the shifting currents of the market. In this episode of TFiR Let’s Talk, Michelle McLean, VP of Marketing at Salt Security, joins me for a deep dive into the report. When she looks back at previous reports, she finds that one thing remains consistent — “We are still seeing a fairly high percentage of folks getting impacted or having at least some form of API security incident in the past 12 months.” Over 94% of companies experienced security incidents in production APIs, even though nothing catastrophic happened to them, with over 20% of companies reporting some sort of data breach as a result of security gaps in APIs.
Some of the highlights of our discussion:
- Over 94% of companies experienced some sort of security incident, with over 20% reporting some sort of data breach.
- The percentage of APIs exposing PII (Personally Identifiable Information) or other sensitive data has been very high at 91%.
- Shadow or Zombie APIs remain one of the biggest concerns for organizations.
- Growing adoption of GraphQL is both good and bad news, as it offers more security and flexibility but creates new security challenges at the same time.
- We also talked about how we need a different perspective when we look at API security as compared to traditional security.
- The economic downturn will force companies to cut costs, but McLean feels that security will not be impacted by those cuts.
- Despite awareness and strong security posture, companies should not become too comfortable as more than one-third of Salt Security customers continue to experience more than a hundred attacks a month. Bad actors have to be right only once, whereas you have to be right 101% of the time.
- McLean shares 6 attributes that she values the most when it comes to improving your security posture. On top of the list is stopping attacks in the first place.
Watch the whole video to check out the remaining attributes and deeper discussion into each topic.