Vulnerable APIs and Bot Attacks Costing Businesses up to $186 Billion Annually
18/09/2024
API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally
Bot-related security incident count rose 88% in 2022 and 28% in 2023
Insecure APIs result in up to $12 billion more in losses than they did in 2021
@Thales Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the Economic Impact of API and Bot Attacks report. The analysis of more than 161,000 unique cybersecurity incidents and investigates the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186[1] billion for businesses around the world.
The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from Imperva Threat Research finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
It's imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden, says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.
Some of the key trends identified in the report include:
Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
Bots negatively impact organizations' bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models, adds Singh. At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.
Additional Information:
Download a copy of the The Economic Impact of API and Bot Attacks report for additional insights on the business impact of API and bot-related security incidents.
See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flo
LINK: | https://www.thalesgroup.com/en/worldwide/defence-and-security/press_re... |
See more stories from thales |
More from Thales
19/12/2024
Thales to enhance vehicle access with reliable and secure contactless solutions
Facebook Twitter LinkedIn Car industry players can rely on Thales to provide digital and physical solutions that improve car access experiences, while ens...
19/12/2024
SEACURE : a major European defence project led by Thales to prepare European navies for underwater warfare
Facebook Twitter LinkedIn Within the framework of the European Defence Fun...
17/12/2024
HungaroControl upgrades its Air Traffic Control System with Thales' TopSky - ATC One offering and joins Alliance One users' group
Facebook Twitter LinkedIn Thales TopSky - ATC updated system introduces an...
12/12/2024
Thales RSM NG secondary radar selected by Luchtverkeersleiding Nederland to strengthen Air Traffic Control at Schiphol Airport
Facebook Twitter LinkedIn Thales has been selected by Luchtverkeersleiding...
09/12/2024
Avinor selects Thales to deploy Norway's next-generation nationwide Unmanned Traffic Management system
Facebook Twitter LinkedIn Thales and Avinor have partnered to implement No...
06/12/2024
Copernicus Sentinel-1C Earth observation satellite successfully launched
Facebook Twitter LinkedIn Sentinel-1C will supply vital radar imagery for understanding climate change and preserving our planet Kourou, December 6, 2024...
03/12/2024
Thales Unveils Data Risk Intelligence to Redefine Data Risk Visibility and Proactive Risk Mitigation
Facebook Twitter LinkedIn Data Risk Intelligence combines posture and beha...
27/11/2024
Thales Alenia Space to lead Carb-Chaser project, the first French constellation to monitor human-induced CO emissions
Facebook Twitter LinkedIn Cannes, November 27, 2024 - Thales Alenia Space,...
22/11/2024
COOPANS, the Alliance Managing Europe's Largest Air Traffic Volume, Upgrades its Air Traffic Control (ATC) System with Thales
Facebook Twitter LinkedIn COOPANS is a leading international cooperation b...
22/11/2024
Press release
Facebook Twitter LinkedIn Thales confirms that the Parquet National Financier (PNF) in France and the Serious Fraud Office (SFO) in the United Kingdom hav...
21/11/2024
Thales unveils generative AI solution for Security Operations Centres (SOCs)
Facebook Twitter LinkedIn Thaless AI accelerator cortAIx has unveiled GenAI4SOC, the first solution of its kind developed in France, to detect cybersecuri...
21/11/2024
Thales prsente sa solution d'IA gnrative ddie aux Centres oprationnels de cyberscurit (SOC)
Facebook Twitter LinkedIn Les quipes de cortAIx, l'acc l rateur d'...
20/11/2024
Thales's Friendly Hackers unit invents metamodel to detect AI-generated deepfake images
Facebook Twitter LinkedIn As part of the challenge organised by Frances De...
18/11/2024
Thales strengthens Portugal's very short-range air defence capabilities with ForceShield system
Facebook Twitter LinkedIn Thales and NATO Support and Procurement Agency (...
14/11/2024
2024 Capital Markets Day: Thales, a global technology leader in Defence, Aerospace and Cyber & Digital
Facebook Twitter LinkedIn Thales has successfully reinforced its business ...
13/11/2024
Eastern Airlines Technic and Thales extend MRO cooperation
Facebook Twitter LinkedIn Eastern Airlines Technic (EASTEC) and Thales renewed their Maintenance Partnership Agreement, strengthening their collaboration ...
12/11/2024
Koreasat 6A communications satellite successfully launched
Facebook Twitter LinkedIn Cannes, November 12th, 2024 - The Koreasat 6A communications satellite was successfully launched yesterday by a SpaceX Falcon 9 ...
07/11/2024
Celebrating Ethiopian Airlines delivery of the first A350-1000 in Africa equipped with Thales's AVANT Up IFE
Facebook Twitter LinkedIn Ethiopian Airlines is the 1st Airbus A350-1000 i...
07/11/2024
Thales and Bleuet de France: a partnership for solidarity and recognition
Facebook Twitter LinkedIn Thales, a global leader in advanced technologies specialising in Defence, Aerospace & Space, and Cybersecurity & Digital Identit...
06/11/2024
Thales and FEBUS Optics sign strategic co-development agreement to protect critical undersea infrastructure
Facebook Twitter LinkedIn Thales has concluded an agreement with FEBUS Opt...
05/11/2024
Thales to empower JetZero's innovative aircraft for safe and eco-friendly flights
Facebook Twitter LinkedIn The aviation industry has committed to achieving...
04/11/2024
Thales: Launch of the 2024 Employee Share Ownership Plan
Facebook Twitter LinkedIn Thales (Euronext Paris: HO) announces the launch of its 2024 employee share ownership plan, running from Monday 4 November to Fr...
04/11/2024
Thales introduces CoastShield, a coastal surveillance system solution enabling nations to ensure coastal protection and safe maritime operations
Facebook Twitter LinkedIn CoastShield is a modular and scalable advanced c...
04/11/2024
Thales AI developments enhance operational performance of maritime mine countermeasures
Facebook Twitter LinkedIn At the Euronaval exhibition at Paris Nord Villep...
04/11/2024
Thales's Naval DRAKON solution enhances interoperability and secure connectivity for naval forces
Facebook Twitter LinkedIn With the return of high-intensity conflicts and ...
31/10/2024
Thales' Suite of IFE Accessibility SolutionsWins Prestigious Crystal Cabin Award
Facebook Twitter LinkedIn The Crystal Cabin Award Association recognized T...
29/10/2024
A NEW SATELLITE AGREEMENT TO STRENGTHEN THE PAN-AFRICAN STRATEGIC PARTNERSHIP BETWEEN FRANCE AND MOROCCO
Facebook Twitter LinkedIn French President Emmanuel Macron set to meet wit...
28/10/2024
Thales and BCG Announce Partnership to Enhance Cyber Resilience for Large Companies
Facebook Twitter LinkedIn Thales and Boston Consulting Group (BCG) have an...
28/10/2024
Qatar Airways Signs Agreement with Thales to Equip A321 NX Fleet with Award Winning FlytEDGE IFE System
Facebook Twitter LinkedIn Qatar Airways and Thales have signed an agreemen...
24/10/2024
Thales and the Max Planck Institute for Plasma Physics set a world record in the field of nuclear fusion
Facebook Twitter LinkedIn Developed in collaboration with the Max Planck I...
23/10/2024
Thales reports its order intake and sales as of September 30, 2024
Facebook Twitter LinkedIn Order intake: 15.6 billion, up 23% on an organic basis1 ( 26% total change) Sales: 14.1 billion, up 6.2% on an organic basis ...
21/10/2024
AI-driven Attacks Targeting Retailers Ahead of the Holiday Shopping Season
Facebook Twitter LinkedIn Imperva, a Thales company, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, warn...
17/10/2024
Thales makes first shipment of 300 night vision goggles for French Army under Bi-NYX contract
Facebook Twitter LinkedIn French forces have received the first 300 Thales...
16/10/2024
Thales demonstrates its capacity to deploy drone swarms with unparalleled levels of autonomy using AI
Facebook Twitter LinkedIn On 16 October 2024, in the first flight tests of...
16/10/2024
ESA orders 6 additional radar-based satellites to Thales Alenia Space for IRIDE Earth observation constellation
Facebook Twitter LinkedIn This new batch of radar satellites will also be ...
16/10/2024
German Armed Forces receive final Ground Alerter 10 sense and warn camp protection system
Facebook Twitter LinkedIn On 16 October 2024, Thales officially handed ove...
15/10/2024
Thales radios successfully tested by the German Armed Forces to be deployed within the NATO enhanced Forward Presence
Facebook Twitter LinkedIn The German Armed Forces conducted operational te...
15/10/2024
KNDS selects Thales Power Systems Solution for the Leopard 2 A8
Facebook Twitter LinkedIn KNDS awarded Thales a contract to deliver compact, programable and scalable High-Power Solid-State Power Distribution Boards (SS...
15/10/2024
Thales Alenia Space signs a contract with OHB to develop two radar instruments for ESA's 10th exciting new Earth Explorer Harmony mission
Facebook Twitter LinkedIn Leveraging its longstanding experience in radar-...
14/10/2024
ESPRIT module for Lunar Gateway orbital outpost set for a significant upgrade
Facebook Twitter LinkedIn Thales Alenia Space and ESA sign contract amendment to extend and optimize ESPRIT module Milan, October 14, 2024 - Thales Aleni...
09/10/2024
Thales to supply handheld thermal imagers to the Canadian Army
Facebook Twitter LinkedIn The Thales Sophie Ultima long-range handheld thermal imagers have been selected by the Canadian Armed Forces, the first contract...
09/10/2024
Adani Airport Holdings Limited and Thales Forge Strategic Partnership to Improve Airport Operations and Passenger Experience in India
Facebook Twitter LinkedIn This strategic collaboration includes a fully in...
08/10/2024
Thales announces the distribution of an interim dividend and the reduction of its share capital by cancellation of treasury shares
Facebook Twitter LinkedIn The Board of directors of Thales (Euronext Paris...
08/10/2024
Hera planetary defence mission successfully launched
Facebook Twitter LinkedIn Hera aims to confirm if it is possible to deflect a hazardous asteroid on a collision course with the Earth, as a repeatable str...
07/10/2024
Thales to bring its expertise in advanced air mobility to the North Dakota Unmanned Autonomous Systems Council
Facebook Twitter LinkedIn Thales, the global high technology leader and in...
02/10/2024
Empowering drones to enhance naval operations: Thales successfully demonstrates latest innovations during Portuguese Naval military exercise
Facebook Twitter LinkedIn For the third year in a row, Thales, worldwide l...
18/09/2024
Thales contributes to the production of seven additional sections of the SAMP/TNG for the French Air and Space Forces
Facebook Twitter LinkedIn Thales As announced on the 17 September 2024 ...