A new survey highlights the widespread nature of API security incidents and the lack of full inventories of potentially dangerous APIs.

A report released this week by OpinionMatters and commissioned by Noname Security found that more than three out of four senior cybersecurity professionals in the US and UK said that their organization had experienced at least one API-related security incident within the last 12 months.

A similar number, 74%, said that they had not completed a full inventory of all APIs in their systems, or did not have full knowledge of which ones could return sensitive data. The most common security gaps identified were dormant APIs—APIs that have been ostensibly replaced but remain in operation—authorization vulnerabilities, and web application firewalls.

With that said, a strong majority—71%—also said that they were confident in the API security provided by their communications service provider, indicating, according to Noname, that there’s a level of complacency at work around the topic.

“There is clearly a disconnect between what is happening in the real world, and organizational attitudes towards API security,” the report said. “The level of misplaced confidence around API security is disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by security, [application security], and development teams around the realities of API security.”

Digital transformation, the report added, will only make API security more important as time goes on.
The authors cited a Gartner report that said that API-related breaches could become the most common type of security incident as of this year.

Utility, manufacturing sectors have biggest API security issues

The most vulnerable industries, according to the survey, were energy and utilities, as well as manufacturing—78% of respondents in the former industry reported some type of API breach in the previous year, as well as 79% in the latter. Only 19% of energy and utility company respondents reported having a full API inventory or full insight into which of their APIs were potential points of vulnerability.

UK respondents were slightly more likely to have real-time insight into their potential API vulnerabilities, as well as a better sense of overall API inventory—14% of UK respondents reported real-time testing, with just 8% of US users saying likewise, and 28% said they had fully inventoried their APIs and potentially sensitive data, compared to 24% for US respondents.