Virtualization Technology News and Information
Article
RSS
Noname Security 2023 Predictions: 5 Predictions That Will Impact the API Security Market in 2023

vmblog-predictions-2023 

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

5 Predictions That Will Impact the API Security Market in 2023

By Noname Security CISO, Karl Mattson, Field CTO, Filip Verloy, and Head of Research, Dor Dankner

Today, we are seeing the application programming interface (API) security market expandrapidly. In previous years, the discussion was a general one about the need for API security, and now, conversations are all about how to make sure all APIs are secure.

Software code has come under attack in both innovative and troubling ways as APIs have become the critical pipeline in modern organizations. As a result, we can expect to continue to see API vulnerability exploitation as a major threat vector. A recent research report by Noname Security found that 76% of senior security professionals experienced an API security incident within the last 12 months that they were aware of - a number that will only continue to grow in the new year and beyond.

Below, we outline our top trends and technology predictions that will impact and support the API security market in 2023.

Prediction #1: APIs Are Data Pipelines That Will Attract More Attackers

While traditional databases allow users to find, store and maintain data, application programming interfaces (APIs) enable users to access and review the data as it transfers between the company, customers, and third parties. Software code has come under attack as APIs have become the critical pipeline in modern organizations, and because of this, we can expect to continue to see API hacking escalate when it comes to critical data. Whether it be through a mobile application or website, APIs interact with business logic and allow adversaries to understand exactly how a company is processing information and data, making APIs a major area of vulnerability for organizations. We expect 2023 to be the year that the risk becomes so apparent that companies can no longer ignore it.

Prediction #2: Top API Security Risks of 2023

In 2023, the continued move to cloud-native applications will expose both infrastructure and application APIs. Organizations are using more and more solutions to secure every potential entry point from cybercriminals. Security teams have a lot to manage and it quickly becomes complex and difficult to manage. APIs are increasingly being used to drive integrations between the various existing security solutions -  minimizing the oversight required to maintain security across the organization. APIs will continue to make it easier to integrate existing security tools and will drive down complexities in managing multiple tools and increase the effectiveness in eliminating security blind spots in organizations.

The adoption of newer API protocols will pose some challenges for existing vendors, and the use of API translation layers between older protocols and newer ones will increase the attack surface in unexpected ways.

Prediction #3: Top Security Attack Sector

APIs are making digital visions a reality and enabling manufacturers to adopt newer technologies and move away from heavy-lifting manual tasks with automation. By utilizing API gateways on top of legacy systems, manufacturing organizations are able to exchange data quickly and securely from system to system. As manufacturing organizations continue to embrace and adapt to the fourth industrial revolution, otherwise known as Industry 4.0, the sector will see an increased focus and dependency on using APIs to establish those environments. I predict that the manufacturing industry and any sectors relying on large machinery such as utility providers will become the riskiest attack sector in 2023 and beyond.

Prediction #4: Financial Services Sets the Pace in API-led Transformation

API-led banking initiatives are at the center of today's digital transformation in financial services. While APIs themselves are not new, they are increasingly becoming the primary software enabler for critical business processes and sensitive data exchange. Open banking standards, real-time payments, crypto wallets and a range of FinTech services offerings continue to push the industry towards API-first and cloud-friendly technologies. This transformation creates new attack surfaces, regulatory risks and data loss potential legacy controls are poorly equipped to handle.

In 2023, we anticipate the accelerated transition to real-time payments via public internet channels and the move from batch file transmission to API calls will create new risks and vulnerabilities for the financial services sector.

Meanwhile, financial institutions will increase their pursuit of ancillary API-led services, such as pricing, quantitative analytics, ML services and others which present FIs with a range of business accelerants at lower costs and faster delivery times. While these trends have been long underway, the macroeconomic pressures push financial services firms towards more expedient, cost-effective services consumption at an even greater pace.

Prediction #5: The API Security Category Will Continue to Expand

API Security sits on an axis that includes API Specifications, API Implementation, API Identity, and Access Management, the infrastructure APIs are deployed on, and the underlying systems that APIs abstract (Databases, SaaS Applications, Devices).

Current definitions of API security can include capabilities offered by network elements (API Gateways, Web Application Firewalls, Load Balancers, etc.) as well as the capabilities offered by new entrants that GAtew test API implementations, monitor APIs at runtime, and perform posture management of infrastructure and more.

In 2023, we see a continued progression of API security into other areas, like API Identity and access and Data security.

Bottom line: In 2022, we witnessed API security attacks alter the security landscape for both developers and organizations, not to mention their suppliers, partners, and customers. High-profile API breaches at companies like Twitter, the Australian telco Optus, and home fitness company Peloton are just the tip of the iceberg for substantial data leaks, or worse.

Our philosophy on API security is to encourage enterprises to look at the full API lifecycle including design, development, testing, and runtime defense. To safeguard against future attacks in 2023, organizations must continuously observe API traffic in production and in real-time to detect vulnerabilities, misconfigurations, and attacks in progress.

##

ABOUT THE AUTHORS

Karl Mattson

Karl-Mattson 

Karl Mattson is the Chief Information Security Officer at Noname Security, an API security solution.

With over 25 years of experience leading innovative and diverse teams of technology and security professionals in financial services, retail and federal government, Karl has a track record of advising CEOs, CTO and investors on strategies for product, market and customer success. Prior to Noname Security, he served as Chief Information Security Officer at PennyMac Loan Services and City National Bank, and Senior Vice President of IT Risk Management at PNC. In addition, Karl formerly served as President of the LA Cyber Lab, Financial Services Co-Chair for Los Angeles Infragard, and Adjunct Faculty at the University of Minnesota's Technological Leadership Institute.

Karl completed eight years of active duty service in the U.S. army. He holds a Bachelor of Business Administration from St. Mary's University of San Antonio, Master of Business Administration from Auburn University, and a Master of Science in Computer and Information Systems from Boston University. He is a certified CISSP and FBI CISO Academy graduate.

 

Filip Verloy

Filip-Verloy 

Filip Verloy serves as the Field CTO for the EMEA region at Noname Security. In that role, Filip engages and advises customers, partners and the security industry at large, sharing his experience, insights, and strategies on API security. Prior to joining Noname Security, Verloy was the Field CTO for EMEA at Zero Trust Data Management start-up Rubrik, he has previously served at various IT vendors including Citrix, Dell, Riverbed, and VMware in roles ranging from Architect to Solutions Executive supporting some of the largest and most complex customer environments. He has been in the IT industry for over 20 years, spanning the customer-, consulting-, and vendor-side.

 

Dor Dankner

Dor-Dankner 

Dor Danker is the Head of Research at Noname Security, an API security solution. Previously, Dor served as a researcher and team lead at SentinelOne.

Published Wednesday, January 11, 2023 7:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<January 2023>
SuMoTuWeThFrSa
25262728293031
1234567
891011121314
15161718192021
22232425262728
2930311234