By
Financial Services Review | Thursday, December 01, 2022
Managing the attack surface is one of modern security teams' most difficult challenges.
FREMONT, CA: One of the hardest tasks for modern security teams is managing the attack surface. Every single app and API in today's hybrid and multi-cloud systems is a potential target that fraudsters may and will exploit.
According to new research published today by CDN service provider Akamai Technologies Inc. (NASDAQ: AKAM), web application and API assaults against financial service institutions have increased by 257 per cent compared to last year.
The same study also discovered a 22 per cent increase in DDoS attacks against financial services institutions year over year and that threat actors are employing strategies in their phishing efforts to get around two-factor authentication systems.
API Attacks and the Growing Attack Surface
Not only has Akamai witnessed the rising tide of API assaults, but other vendors have as well. 41 per cent of firms experienced an API security event in the previous 12 months, with 63 per cent of those incidents including a data breach or data loss.
One of the primary causes of the large volume of API exploitation targeting businesses and financial sector institutions is that the attack surface of web apps and APIs is significant, and most security teams lack the resources or skills to defend it.
Businesses have shifted key infrastructure to APIs, and now fraudsters are after the money. Steve Winterfeld, the advising CISO at Akamai, added that APIs are also more recent and frequently lack the same level of maturity in security processes and controls, making them more vulnerable.
Finally, because APIs are made for automation, assaults against them are simpler to automate. These elements work together to make APIs a prime target for attackers. Consequently, CISOs must concentrate on them.
Working Toward API Security
Enterprises can take some actions to strengthen their defences against API-driven risks. Businesses must invest in tools that automatically find, catalogue, and validate APIs while creating a security plan that includes API security testing and API access management. Increasing transparency on internal and external APIs puts businesses in a better position to start addressing possible vulnerabilities throughout the attack surface.
In addition, businesses should examine their risk models to see whether they have fraud and customer threat categories that are appropriate in light of this new data, and update their phishing defences so that they can defend against the most recent MFA attacks with FIDO2-compliant capabilities.