A new survey highlights the widespread nature of API security incidents and the lack of full inventories of potentially dangerous APIs.

A report released this week by OpinionMatters and commissioned by Noname Security found that more than three out of four senior cybersecurity professionals in the US and UK said that their organization had experienced at least one API-related security incident within the last 12 months.

A similar number, 74%, said that they had not completed a full inventory of all APIs in their systems, or did not have full knowledge of which ones could return sensitive data. The most common security gaps identified were dormant APIs—APIs that have been ostensibly replaced but remain in operation—authorization vulnerabilities, and web application firewalls.

With that said, a strong majority—71%—also said that they were confident in the API security provided by their communications service provider, indicating, according to Noname, that there’s a level of complacency at work around the topic.

“There is clearly a disconnect between what is happening in the real world, and organizational attitudes towards API security,” the report said. “The level of misplaced confidence around API security is disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by security, [application security], and development teams around the realities of API security.”

Digital transformation, the report added, will only make API security more important as time goes on.
The authors cited a Gartner report that said that API-related breaches could become the most common type of security incident as of this year.

Utility, manufacturing sectors have biggest API security issues

The most vulnerable industries, according to the survey, were energy and utilities, as well as manufacturing—78% of respondents in the former industry reported some type of API breach in the previous year, as well as 79% in the latter. Only 19% of energy and utility company respondents reported having a full API inventory or full insight into which of their APIs were potential points of vulnerability.

UK respondents were slightly more likely to have real-time insight into their potential API vulnerabilities, as well as a better sense of overall API inventory—14% of UK respondents reported real-time testing, with just 8% of US users saying likewise, and 28% said they had fully inventoried their APIs and potentially sensitive data, compared to 24% for US respondents.