AUSTRALIA, AUGUST 20, 2024 โ APAC organisations are increasingly relying on artificial intelligence and machine learning (AI/ML) enabled solutions to tackle a wide array of security challenges around Application Programming Interfaces (APIs), according to F5โs (NASDAQ: FFIV) inaugural 2024 Strategic Insights: API Security in APAC report. The report examines the challenges and opportunities in API security in Asia Pacific (APAC), as APIs continue to power the regionโs digital experiences.
With APIs increasingly being the point of attack for cybercriminals, 17 per cent of A/NZ organisations have adopted AI/ML technologies to detect and mitigate sophisticated threats, such as broken object level authorisation and server-side request forgery.
The adoption of AI/ML solutions show A/NZ organisations proactive approach to leveraging advanced technologies for comprehensive threat detections and prevention across API environments.
โOver 90 per cent of the attacks F5 has seen across our infrastructure have been targeted towards APIs. In Australia, cyber attacks on API systems have caused wide-spread data breaches and millions of peopleโs data to be compromised,โ said Jason Baden, Regional Vice President, A/NZ, F5. โWeโve seen growing number of attacks, with unprecedented speed and sophistication as a result of cybercriminals taking advantage of AI-powered tools. Because of this, API security is one of the most important challenges for organisations in Australia and New Zealand to address.โ
For Australia, protecting APIs during runtime is a top priority, with many increasingly recognising the importance of guarding APIs right from development. Having robust code security standards and practices (17 per cent) has emerged as a fundamental strategy among the regionโs organisations to guard APIs against a broad range of complex vulnerabilities, from Broken Object Level Authorisation and Security Misconfiguration issues to SSRF.
โToday, API security is more important, but also more complex, than ever. Findings from our report clearly show that more organisations are shifting left along the API lifecycle, while still attempting to shield right,โ said Mohan Veloo, Chief Technology Officer for Asia Pacific, China and Japan, F5. โF5 is bringing advanced API code testing and telemetry analysis to F5 Distributed Cloud Services, creating the industryโs most comprehensive and AI-ready API security solution. F5 Distributed Cloud Services can offer API discovery, testing, posture management, and runtime protection, all in a single platform, allowing organisations to gain true visibility and security from code to cloud.โ
The research reveals that security misconfigurations are a higher concern for A/NZ organisations than the rest of the APAC region. In Australia (19 per cent) and New Zealand (17 per cent), respondents saw it as a top issue, above the APAC average of 13.2 per cent.
To mitigate these risks, A/NZ organisations rely heavily on API Gateways for API security strategies. One fifth of A/NZ organisations have adopted API Gateways to help manage and secure API traffic to provide essential controls for access and consumption.
Other key findings from the 2024 Strategic Insights: API Security report include:
- APAC faces unique API security challenges compared to the rest of the world. Security challenge rankings by APAC organisations diverge from global OWASP rankings, with Broken Authentication, Server-Side Request Forgery, and Security Misconfiguration emerging as top concerns. This is driven by widely used REST/RPC technologies, high use of internal APIs and diverse deployments across the region.
- Australia prioritises robust, real time data leakage and tampering protection. To mitigate these risks, Australian businesses see API runtime protection as a top priority, with 45 per cent of respondents marking it as their top priority, compared to 36 per cent across APAC.
- Insecure integration with third-party services fuelling New Zealandโs high concern for Unsafe Consumption of APIs. 21 per cent of New Zealand respondents expressed concern for unsafe consumption of APIs, a much higher rate of concern than the 9.2 per cent across the APAC region. Secure API consumption practices are crucial to protect against attackers looking to leverage Webhook and SOAP protocols.
- A strong emphasis on API Security Testing in both Australia and New Zealand. In New Zealand, an incredibly high 72 per cent of respondents highlighted this as a top concern, followed by 45 per cent of Australian respondents. This emphasis on security testing is to ensure that APIs are secure from the development phase.
- Controlling external users is the top concern in API access control. APAC organisations cited heightened concern over potential risks from external entities (59 per cent). Other priorities include compliance with established standards (54 per cent) and secure app-to-app interactions (49 per cent). This reflects trends toward increasing connectivity and highlights the importance of comprehensive security frameworks to address evolving API risks effectively
- Focus on security during the development phase. Code security solutions are the most adopted API security solution in New Zealand (20.7 per cent), and the second in Australia (17.9 per cent). This highlights the importance of secure coding practices and static code analysis to prevent vulnerabilities from being introduced during the development phase.
- Strong focus on protecting data against leakage and tampering. Data leakage (53.3 per cent) is the highest priority concern for APAC organisations in API run time protection, underscoring the urgency in protecting sensitive information. Thereโs also an industry-wide emphasis on maintaining data integrity (27.7 per cent) and protecting sensitive information through detection and masking techniques (23.4 per cent).
To evaluate the current landscape of API security in A/NZ, Twimbit conducted research on behalf of F5 in H1 of 2024, surveying 297 professionals from various sectors, including security, DevOps, SecOps, and application development. Respondents were distributed across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan, and Thailand.
To learn more about the report and findings, please download the full 2024 Strategic Insights: API Security in APAC report here: https://www.f5.com/c/apcj-2024/asset/2024-strategic-insights-api-security-in-apac
About F5
F5 is a multicloud application security and delivery company committed to bringing a better digital world to life. F5 partners with the worldโs largest, most advanced organisations to secure every appโon premises, in the cloud, or at the edge. F5 enables businesses to continuously stay ahead of threats while delivering exceptional, secure digital experiences for their customers. For more information, go to f5.com. (NASDAQ: FFIV)
You can also follow @F5 on X (Twitter) or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.
F5, Distributed Cloud Services, BIG-IP, and NGINX are trademarks, service marks, or tradenames of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.