FireTail API Security Report Reveals 80% Increase in API Breaches in 2024

FireTail Inc., a disruptor in API security, today published The State of API Security 2024 report, a comprehensive analysis of the API security landscape and how this technology is reshaping cybersecurity as we know it. Building on last year's report and executed in accordance with the OWASP API Top 10 2023 update, the report provides an in-depth look at modern API security by dissecting how API breaches increasingly impact the digital security of individuals and organizations. The report includes new data sources, using both internal customer data and external public APIs to confirm trends and themes in API security issues.

The pace of API adoption is accelerating, from microservice-based architectures, cloud-native and containerization, plus the proliferation of AI, resulting in a growing API attack surface. Today, more than 80% of all internet traffic is computer to computer communication, over an API. Every mobile app, IoT device, and most modern software applications are front-end user interfaces talking to back-end APIs. The technology ecosystem relies on APIs to enable innovation and drive enormous value, yet they remain easy targets for attackers. FireTail's 2024 API Security Report found that API data breaches are up 80% and the volume of records breached grew 214% year over year.

Key findings of the report include:

• API Data Breaches Up 80%: The volume of breaches where records were confirmed to have been compromised grew 80% year on year. The compound annual growth rate for breaches from 2017 to 2023 stands at 61.87%, and for incidents where records were breached it is running at 49.13%
• 1.6B Records Exposed: 2023 saw 175M records exposed, up 214% from 2022. In total, since 2017 the 50 breaches recorded on FireTail's API data breach tracker show 1,623,978,957 records exposed over the course of the 7-year period.
• The average number of records exposed per breach is greater than 32M.
• 158,336 Potential API Vulnerabilities Identified: Across the 206 Fortune 500 APIs, FireTail researchers discovered more than 158K issues, an average of 769 per API.
• Authentication and authorization still dominate as the top two primary attack vectors, both in the number of breaches and the volume of records breached. 78.2% of all incidents relied on AuthZ or AuthN issues as a primary attack vector.

"This report highlights that threats to API security remain a major issue and aren't being appropriately addressed. API breaches, whether it be a first-party or third-party breach, have massive repercussions, including systemic vulnerabilities in cars and travel systems," said Jeremy Snyder, CEO and co-founder of FireTail. "The number one cyber incident of 2023, MOVEit, illustrates a growing threat in the API security landscape - vulnerabilities in the digital supply chain. As our reliance on APIs grows and systems are more and more intertwined, APIs become an even more attractive target for attackers. And with advancements in AI lowering the bar for attackers and changing the calculus around what it takes to stage a successful attack, the need for effective API security has never been more pronounced."

Founded in 2022 with a mission to secure the world's APIs, FireTail allows customers everywhere to solve all the most critical problems facing APIs today. With a hybrid approach, bringing together cloud, application and code with full blocking capabilities, FireTail effectively addresses the root causes of API data breaches - flaws at the application and business logic layer in authentication, authorization and data handling.

FireTail will be at Infosecurity Europe in London from June 4-6, 2024. Meet the team at Stand E152 for a demo, or attend Jeremy Snyder's talk, "What CISOs Need to Know About API Security in 2024" on Tuesday, June 4^th at 10:45am GMT.

Have an API inventory? Run a free threat assessment using FireTail and see how secure your APIs really are. Get started now - https://firetail.app/.

About FireTail

FireTail engineered a hybrid approach to API security: an open-source library that protects programmable interfaces with inline API call evaluation and blocking, cloud-based API security posture management, centralized audit trail, and detection and response capabilities. FireTail is the only company offering these capabilities together, ultimately helping organizations eliminate API vulnerabilities from their applications and providing runtime API protection.

FireTail is headquartered in Washington, DC, with additional offices in Dublin, Ireland and Helsinki, Finland. FireTail is backed by leading investors, including Paladin Capital, Zscaler, General Advance and SecureOctane. For more information about FireTail, visit https://www.firetail.io.