APJ News Security Survey Report

APJ Manufacturing Sector Suffers Highest Web Attacks Against APIs Across Industries: Akamai Report

APJ Manufacturing

New research shows that manufacturing in APJ is the most targeted vertical, facing nearly one out of three (31.2 percent) of API attacks

As per Akamai Technologies released new State of The Internet (SOTI) report the manufacturing sector in APJ is most at risk, having suffered the most API-targeted attacks across industries, attracting nearly one out of three (31.2 percent) of all web attacks. Akamai expects attacks to spike as the demand for API use increases, and strongly urges organisations to prioritise properly accounting for and securing their APIs – or risk suffering breaches.

“As manufacturers use more APIs to enable real-time production monitoring, predictive maintenance, and cost optimisation, they need to be more aware of the risks they are exposed to.” 

Reuben Koh, Security Technology and Strategy Director (APJ), Akamai.

APIs enable software, systems, and devices to communicate with one another, and are vital to most organisations because they have improved both employee and customer experiences. APIs are highly valuable to manufacturers as they enable the use of Industrial Internet of Things devices to increase efficiency, accelerate production, and enable real-time management of factories and inventories. Unfortunately, this digital innovation and the rapid expansion of the API economy have presented cybercriminals with new opportunities for exploitation. Successful attacks against APJ manufacturers can cause serious repercussions worldwide, given Asia’s crucial role as a global manufacturing hub.

“APIs are increasingly critical to organisations, but they are also challenged with protecting APIs effectively, as security is often not properly baked into the rapid development and deployment processes of newer technologies like APIs,” explained Reuben Koh, Security Technology and Strategy Director (APJ), Akamai. “As manufacturers use more APIs to enable real-time production monitoring, predictive maintenance, and cost optimisation, they need to be more aware of the risks they are exposed to.” 

Lurking in the Shadows analyses some of the most common problem areas regarding posture and runtime challenges. Other key findings of the report include:

  • The top sectors suffering the highest percentage of web attacks that targeted APIs were manufacturing at 31.2%, followed by gaming at 25.2%, high tech at 24.4%, video media at 24.0%, and commerce at 22.3%.
  • The top five regions with the highest percentage of web attacks targeting APIs were South Korea at 47.9%, Indonesia at 39.6%, Hong Kong SAR at 38.7%, Malaysia at 26.4%, and Japan at 23.4%. This was followed by India (19.0%), Australia (15.6%), Singapore (5.8%), the Philippines (5.5%), and New Zealand (4.8%).
  • In APJ, top attack methods include Local File Inclusion (LFI) at 16.8%, Server-Side Request Forgery (SSRF) at 11.8%, and Web Attack Tool (WAT) at 10.4%. Attackers are also favouring the use of newly surfaced vectors, like CMDi at 9.1%, which underscores that adversaries are continuously finding new methods and avenues to exploit targets.
  • Business logic abuse is a critical concern as it is challenging to detect abnormal API activity without establishing a baseline for API behaviour. Organisations in APJ without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within.
  • Bot requests are also concerning in APJ – nearly half of the more than two trillion suspicious bot requests were aimed at APIs.
  • APIs are at the heart of most digital transformations today, so it is paramount for APJ businesses to understand their industry’s trends and relevant threats, like loyalty fraud, abuse, authorisation, and carding attacks.
  • Organisations in APJ need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect. Examples include section 6 of the upcoming Payment Card Industry Data Security Standard (PCI DSS) v4.0 on new API standards.

“Companies in APJ must ensure that the APIs they use are properly discovered and documented – and have complete visibility into their purpose and the risks they bring.” said Koh. “Businesses also need to keep themselves updated on API threats – especially on emerging ones like API business logic abuse – and follow industry guidelines to protect against misconfiguration and vulnerabilities. Our new report provides key insights to help organizations leverage best practices to enhance security, as the use of APIs become more prevalent across all industries.”

Related posts

LogRhythm | Exabeam Opens Regional Office in Riyadh

enterpriseitworld

Sophos Appoints Torjus Gylstorff as Sophos’ CRO

enterpriseitworld

The ERP revolution is here: Why point solutions might be failing your business

enterpriseitworld
x