Research reveals security misconfiguration as top concern in A/NZ with organisations mitigating issues with AI/ML and API gateways.
APAC organisations are increasingly relying on artificial intelligence and machine learning (AI/ML) enabled solutions to tackle a wide array of security challenges around Application Programming Interfaces (APIs), according to F5’s inaugural 2024 Strategic Insights: API Security in APAC report.
The report examines the challenges and opportunities in API security in APAC as APIs continue to power the region’s digital experiences.
With APIs increasingly being the point of attack for cybercriminals, 17% of A/NZ organisations have adopted AI/ML technologies to detect and mitigate sophisticated threats, such as broken object level authorisation and server-side request forgery.
The adoption of AI/ML solutions show A/NZ organisations proactive approach to leveraging advanced technologies for comprehensive threat detections and prevention across API environments.
“Over 90% of the attacks F5 has seen across our infrastructure have been targeted towards APIs. In Australia, cyber-attacks on API systems have caused wide-spread data breaches and millions of people’s data to be compromised,” said Jason Baden, Regional Vice President, A/NZ, F5.
“We’ve seen growing number of attacks, with unprecedented speed and sophistication as a result of cybercriminals taking advantage of AI-powered tools. Because of this, API security is one of the most important challenges for organisations in Australia and New Zealand to address.”
For Australia, protecting APIs during runtime is a top priority, with many increasingly recognising the importance of guarding APIs right from development. Having robust code security standards and practices (17%) has emerged as a fundamental strategy among the region’s organisations to guard APIs against a broad range of complex vulnerabilities, from Broken Object Level Authorisation and Security Misconfiguration issues to SSRF.
“Today, API security is more important, but also more complex, than ever. Findings from our report clearly show that more organisations are shifting left along the API lifecycle, while still attempting to shield right,” said Mohan Veloo, Chief Technology Officer for Asia Pacific, China and Japan, F5.
“F5 is bringing advanced API code testing and telemetry analysis to F5 Distributed Cloud Services, creating the industry’s most comprehensive and AI-ready API security solution. F5 Distributed Cloud Services can offer API discovery, testing, posture management and runtime protection, all in a single platform, allowing organisations to gain true visibility and security from code to cloud.”
The research reveals that security misconfigurations are a higher concern for A/NZ organisations than the rest of the APAC region. In Australia (19%) and New Zealand (17%) of respondents saw it as a top issue, above the APAC average of 13.2%.
To mitigate these risks, A/NZ organisations rely heavily on API Gateways for API security strategies.
One fifth of A/NZ organisations have adopted API Gateways to help manage and secure API traffic to provide essential controls for access and consumption.
Other key findings from the 2024 Strategic Insights: API Security report include:
- APAC faces unique API security challenges compared to the rest of the world. Security challenge rankings by APAC organisations diverge from global OWASP rankings, with Broken Authentication, Server-Side Request Forgery and Security Misconfiguration emerging as top concerns. This is driven by widely used REST/RPC technologies, high use of internal APIs and diverse deployments across the region.
- Australia prioritises robust, real time data leakage and tampering protection. To mitigate these risks, Australian businesses see API runtime protection as a top priority, with 45% of respondents marking it as their top priority, compared to 36% across APAC.
- Insecure integration with third-party services fuelling New Zealand’s high concern for Unsafe Consumption of APIs. 21% of New Zealand respondents expressed concern for unsafe consumption of APIs, a much higher rate of concern than the 9.2% across the APAC region. Secure API consumption practices are crucial to protect against attackers looking to leverage Webhook and SOAP protocols.
- A strong emphasis on API Security Testing in both Australia and New Zealand. In New Zealand, an incredibly high 72% of respondents highlighted this as a top concern, followed by 45 % of Australian respondents. This emphasis on security testing is to ensure that APIs are secure from the development phase.
- Controlling external users is the top concern in API access control. APAC organisations cited heightened concern over potential risks from external entities (59%). Other priorities include compliance with established standards (54%) and secure app-to-app interactions (49%). This reflects trends toward increasing connectivity and highlights the importance of comprehensive security frameworks to address evolving API risks effectively
- Focus on security during the development phase. Code security solutions are the most adopted API security solution in New Zealand (20.7%) and the second in Australia (17.9%). This highlights the importance of secure coding practices and static code analysis to prevent vulnerabilities from being introduced during the development phase.
- Strong focus on protecting data against leakage and tampering. Data leakage (53.3%) is the highest priority concern for APAC organisations in API run time protection, underscoring the urgency in protecting sensitive information. There’s also an industry-wide emphasis on maintaining data integrity (27.7%) and protecting sensitive information through detection and masking techniques (23.4%).
To evaluate the current landscape of API security in A/NZ, Twimbit conducted research on behalf of F5 in H1 of 2024, surveying 297 professionals from various sectors, including security, DevOps, SecOps and application development. Respondents were distributed across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan and Thailand.
