Numerous security challenges around application programming interfaces (APIs) are increasingly tackled by artificial intelligence (AI) and machine learning (ML) enabled solutions in the APAC region.
Recent research results published by F5 research revealed that one in five APAC organizations look to protect their APIs with the help of AI and ML powered security tools.
The research was conducted by Twimbit on behalf of F5 in the first half of 2024. It surveyed 297 professionals from various sectors, including security, DevOps, SecOps, and application development. Respondents were distributed across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan, and Thailand.
The study shows that APIs are increasingly being the point of attack for cybercriminals in the region. Therefore, protecting API connections and related data is a critical security challenge for APAC organizations.
“Applications have become the front door to cybercrime, and cybercriminals increasingly use APIs as the key. Across the APAC region, we have seen more attacks, with increasing speed, scale and sophistication as cybercriminals leverage AI-powered tools.”
Mohan Veloo, Chief Technology Officer for Asia Pacific, China and Japan, F5
Moreover, the research claims that APAC faces unique API security challenges compared to the rest of the world. One of the reasons is widely used REST/RPC technologies, high use of internal APIs and diverse deployments across the region. Reportedly, security challenge rankings by APAC organizations differ from global OWASP rankings, with broken authentication, server-side request forgery, and security misconfiguration emerging as top concerns.
Advanced tech solutions are indispensable in detecting and mitigating sophisticated threats. On the contrary, traditional security measures often overlook novel cyber threats such as server-side request forgery (SSRF).
Besides AI/ML, 20% of the surveyed organizations also employ API gateways for strong access control. This security method also helps mitigate various vulnerabilities such as unrestricted access to sensitive business flows. Data leakage is the highest concern (53%) for APAC organizations in API runtime protection.
The study revealed that organizations do not only strive to protect their APIs during runtime but also increasingly recognize the importance of guarding their interfaces from the very development stage. Thus, robust code security standards and practices emerged as a fundamental strategy among 18% of the region’s organizations. They help businesses guard APIs against complex vulnerabilities, e.g. Broken Object Level Authorization and Security Misconfiguration issues to SSRF.
In addition, security testing and access control are also among the top priorities in the API security lifecycle for APAC organizations. Taking into account the unique nature of security challenges APAC faces, regional companies increasingly prefer preventative measures to mitigate risks associated with unauthorized access and ensure robust API security before deployment.
In this respect, organizations are balancing traditional methods like static application security testing (SAST) (54%) and dynamic application security testing (DAST) (51%) with emerging strategies such as active API security testing (51%).
We have earlier reported that Google CEO Sundar Pichai said the rapid development of artificial intelligence can enhance security protection in cyberspace.
