Vulnerable APIs And Bot Attacks Costing Australian Businesses Up To $2 Billion Annually
Sydney, Australia โ€” 23 September, 2024 โ€”ย Thales, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the โ€œEconomic Impact of API and Bot Attacksโ€ report. The analysis of more than 161,000 unique cybersecurity incidents estimates that API insecurity and automated abuse by bots is responsible for as many as one […]
Posted: Monday, Sep 23
  • KBI.Media
  • $
  • Vulnerable APIs And Bot Attacks Costing Australian Businesses Up To $2 Billion Annually
Vulnerable APIs And Bot Attacks Costing Australian Businesses Up To $2 Billion Annually
Sydney, Australia โ€” 23 September, 2024 โ€”ย Thales, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the โ€œEconomic Impact of API and Bot Attacksโ€ report. The analysis of more than 161,000 unique cybersecurity incidents estimates that API insecurity and automated abuse by bots is responsible for as many as one in four cybersecurity incidents in Australia, resulting in up to $2[1]ย billion of losses annually.
This new report, conducted by the Marsh McLennan Cyber Risk Intelligence Center, uncovers the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. In 2023, APJ (Asia Pacific and Japan) accounted for 17.7% of global API and bot-related security incidents, leading to over $16.6 billion in business losses. The region saw the highest rate of API-related attacks at 14%, and 24% of attacks were bot-related, the second highest globally after Africa.
Globally, the report found that larger organisations are statistically more likely to have a higher percentage of security incidents that involve both insecure APIs and bot attacks. Enterprises with revenues of more than US 1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests large companies are particularly vulnerable to security risks associated with automated API abuse by bots, because of complex and widespread API ecosystems.
Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from the Imperva Threat Research team finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.
Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats accounted for 30% of all global API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organisations up to US 17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.
Reinhart Hansen, Director of Technology, Asia Pacific and Japan, at Imperva, a Thales company,ย said, โ€œMany businesses across APJ are unaware that undesirable bot traffic is impacting their bottom line by targeting their applications, APIs, and infrastructure. Business leaders can’t manage this risk if theyโ€™re unaware of it or donโ€™t fully understand it.โ€
ย 
โ€œThe same can also be said about lack of visibility across an organisationโ€™s API endpoint assets and the data they exchange, internally, publicly, and directly with third parties. Without an accurate and continuously updated API endpoint inventory and security assessment, organisations remain open to significant security risks, such as large-scale data loss and exfiltration.โ€
Key Global Trends identified in The Economic Impact of API and Bot Attacks report:
  • Increased API adoption and usage is growing the attack surface:ย The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021.
  • Bots negatively impact organisationsโ€™ bottom line:ย The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots.
  • API and bot-related security incidents are becoming more frequent:ย In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions. In the following year, as digital traffic began to stabilise and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats.
  • Insecure APIs and bot attacks pose a significant threat to large enterprises:ย Companies with revenue of at least $100 billionย are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses.
  • Countries around the globe are vulnerable to API and bot attacks:ย Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country.
โ€œAPI ecosystems will continue to grow exponentially, driving connections to generative AI applications and large language models,โ€ย adds Hansen. โ€œIn parallel, cybercriminals will leverage emerging technologies to create sophisticated bots at an accelerated and alarming pace. Business leaders should take proactive measures to assess and interpret the potential risk to their bottom line and adopt a holistic solution that covers the entire application landscape, without impacting end-user experience.โ€
Additional Information:
  • Download a copy of the โ€œThe Economic Impact of API and Bot Attacksโ€ report for additional insights on the business impact of API and bot-related security incidents.
  • See how Impervaย Advanced Bot Protectionย andย API Securityย can protect websites, applications, and APIs from automated attacks and without affecting the flow of business-critical traffic.
  • Read theย Imperva Blogย (Imperva, a Thales company) for the latest product and solution news, and threat intelligence from Imperva Threat Research.

[1]ย The overall total does not double count events that are both API and bot related.

About Thalesย 

Thales (Euronext Paris: HO) is a global leader in advanced technologies specialised in three business domains: Defence & Security, Aeronautics & Space, and Cybersecurity & Digital identity.
It develops products and solutions that help make the world safer, greener and more inclusive.
The Group invests close to โ‚ฌ4 billion a year in Research & Development, particularly in key innovation areas such as AI, cybersecurity, quantum technologies, cloud technologies and 6G.
Thales has close to 81,000 employees in 68 countries. In 2023, the Group generated sales of โ‚ฌ18.4 billion
Share This