Survey reveals biggest API security concern is DDoS threats and bot attacks

Jan. 30, 2018
Widespread API use heightens cybersecurity risks

Redwood Shores, Calif. – January 30, 2018 - Imperva, Inc. (NASDAQ: IMPV), a  cybersecurity leader that delivers best-in-class solutions to protect data and applications on-premises, in the cloud, and across hybrid environments, has announced the results of a survey of 250 IT professionals on the state of application programming interface (API) security. The survey showed a heightened concern for cybersecurity risk related to API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs. 

The survey was conducted in November 2017 by One Poll on behalf of Imperva and studied the attitudes of 250 IT managers and security professionals at companies with at least 250 employees, and/or $1 million in revenue in the US. 

APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that more than two-thirds (69 percent) of organizations are exposing APIs to the public and their partners and that organizations are on average managing 363 different APIs.

Public-facing APIs are a key security concern because they are a direct vector to the sensitive data behind applications. Eighty percent of organizations use a public cloud service to protect the data behind their APIs with most people using the combination of API gateways (63.2 percent) and web application firewalls (63.2 percent).

“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” said Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”

Ninety-two percent of IT professionals believe that DevSecOps, the combination of development, security and operations, will play a part in the future of application development. This highlights an increased desire from many organizations for security to be built in from the very beginning of software development rather than as an after-thought.

“It is very encouraging that the majority of respondents to our survey expect DevSecOps to be involved in the future of application development. Cybercrime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cybersecurity threats,” continued Ray.

To see the survey results visit, http://bit.ly/2DB3NR0 and to learn more about API security read, “Six Ways to Secure API’s.”

About Imperva

Imperva® is a leading cybersecurity company that delivers best-in-class solutions to protect data and applications – wherever they reside – on-premises, in the cloud, and across hybrid environments. The company’s Incapsula, SecureSphere, and CounterBreach product lines help organizations protect websites, applications, APIs, and databases from cyber attacks while ensuring compliance. Imperva innovates using data, analytics, and insights from our experts and our community to deliver simple, effective and enduring solutions that protect our customers from cybercriminals. Learn more at www.imperva.com, our blog, or Twitter.

© 2018 Imperva, Inc. All rights reserved. Imperva, the Imperva logo, CounterBreach, Incapsula, SecureSphere, ThreatRadar, and Camouflage along with its design are trademarks of Imperva, Inc. and its subsidiaries.

###