In recent years, large enterprises have undergone unprecedented digital transformation journeys, driven by the pandemic and a rapid shift to the cloud. Application architectures have changed rapidly during this time, fundamentally reshaping how organizations operate and enabling them to adapt quickly to evolving market demands and customer expectations. Central to this evolution has been the proliferation of application programming interfaces (APIs), which streamline processes, facilitate integrations, and accelerate innovation. However, as organizations embrace these new application architectures, they also encounter significant challenges, particularly in the realm of security.

To better understand the financial impact of vulnerable or insecure APIs and automated abuse by bots — two of the greatest security threats impacting large enterprises today — Imperva, a Thales company, engaged the Marsh McLennan Cyber Risk Intelligence Center to quantify the cost of API and bot-related security incidents. The analysis of more than 161,000 cybersecurity incidents reveals that these security threats could cost businesses up to $186 billion annually. In addition, it was found that larger organizations, specifically those with revenue exceeding $100 billion, are more likely to have a higher percentage of security incidents that involve both insecure APIs and bot attacks.

Financial Losses: Automated attacks, such as credential stuffing, fake account creation, and data scraping, can directly lead to unauthorized transactions and data breaches, resulting in both immediate theft and long-term costs related to regulatory penalties and customer compensation.

Operational Costs: The operational burden of responding to an automated attack on an API requires extensive resources, including investigating breaches, mitigating ongoing threats, restoring normal operations, and deploying additional security and support measures to support those who were impacted by the breach. The investment in these resources detracts from critical business functions.

Reputational Damage: Organizations face significant reputational damage when they fall victim to these attacks. Customers expect their data to be protected, and any perceived failures can lead to a loss of trust and taking business elsewhere. In addition, partners and stakeholders may question the organization’s reliability, impacting partnerships and future opportunities.

Compliance and Legal Risks: Automated attacks resulting from data breaches can expose organizations to lawsuits, fines, and other legal actions. Compliance violations can also be particularly damaging, as they involve financial penalties and corrective actions that require additional resources and time.

Encourage cross-departmental teamwork: It’s crucial for security and development teams to collaborate closely throughout the entire API lifecycle. This partnership guarantees that security is woven into every phase, from initial design to final deployment, allowing for early detection and resolution of vulnerabilities. When addressing bot management, this teamwork must broaden further. Bots present a multifaceted challenge that affects various business areas. To effectively tackle these issues, collaboration among marketing, eCommerce, customer experience, IT, business units, and security is vital. Such extensive cooperation helps pinpoint vulnerable elements, like login pages, checkout workflows, and forms, which are particularly at risk of bot attacks.

Holistic API discovery and oversight: Organizations need to maintain complete visibility over all their APIs, including those that are shadowed, deprecated, or unauthenticated, to ensure none are missed. Ongoing monitoring and audits are key to uncovering potential vulnerabilities before they can be exploited.

Combine API and bot management: To effectively counter automated threats to API libraries, it’s essential to integrate bot management with API security. This combined approach facilitates the identification of at-risk APIs, ensures continuous surveillance for automated attacks, and offers actionable insights for quick detection and response.

By unifying bot management and API security efforts, businesses can enhance their defenses against advanced automated threats while improving their ability to detect and mitigate risks before they escalate into security incidents. Proactive, adaptive measures are essential to protect against automated attacks. In light of the increasing digital landscape, organizations must prioritize security to safeguard their valuable assets and maintain the trust of their customers.

By: Erez Hasson
The financial impact of API and bot attacks on large enterprises
