MCLEAN, Va. -- FireTail Inc. today published The State of API Security 2024 report, a comprehensive analysis of the API security landscape and how this technology is reshaping cybersecurity as we know it.
Building on last year’s report and executed in accordance with the OWASP API Top 10 2023 update, the report provides an in-depth look at modern API security by dissecting how API breaches increasingly impact the digital security of individuals and organizations. The report includes new data sources, using both internal customer data and external public APIs to confirm trends and themes in API security issues.
The pace of API adoption is accelerating, driven by microservice-based architectures, cloud-native computing and containerization, and the proliferation of AI, resulting in a growing API attack surface. Today, more than 80% of all internet traffic is computer-to-computer communication over an API. Every mobile app, IoT device, and most modern software applications are front-end user interfaces talking to back-end APIs.
The technology ecosystem relies on APIs to enable innovation and drive enormous value, yet they remain easy targets for attackers. FireTail’s 2024 API Security Report found that API data breaches are up 80% and the volume of records breached grew 214% year over year.
Key findings of the report include:
- API Data Breaches Up 80%: The volume of breaches where records were confirmed to have been compromised grew 80% year on year. The compound annual growth rate for breaches from 2017 to 2023 stands at 61.87%, and for incidents where records were breached it is running at 49.13%.
- 1.6B Records Exposed: 2023 saw 175M records exposed, up 214% from 2022. In total, since 2017 the 50 breaches recorded on FireTail’s API data breach tracker show 1,623,978,957 records exposed over the course of the 7-year period.
- The average number of records exposed per breach is greater than 32M.
- 158,336 Potential API Vulnerabilities Identified: Across the 206 Fortune 500 APIs, FireTail researchers discovered more than 158K issues, an average of 769 per API.
- Authentication and authorization still dominate as the top two primary attack vectors, both in the number of breaches and the volume of records breached. 78.2% of all incidents relied on AuthZ or AuthN issues as a primary attack vector.
“This report highlights that threats to API security remain a major issue and aren’t being appropriately addressed. API breaches, whether it be a first-party or third-party breach, have massive repercussions, including systemic vulnerabilities in cars and travel systems,” said Jeremy Snyder, CEO and co-founder of FireTail. “The number one cyber incident of 2023, MOVEit, illustrates a growing threat in the API security landscape - vulnerabilities in the digital supply chain. As our reliance on APIs grows and systems are more and more intertwined, APIs become an even more attractive target for attackers. And with advancements in AI lowering the bar for attackers and changing the calculus around what it takes to stage a successful attack, the need for effective API security has never been more pronounced.”