Page 127 - Cyber Defense eMagazine September 2023

API layer has to be the universal defense layer to prevent attacks and utilize the additional
                   detection logic to do so effectively.

               4.  Regulatory compliance: Data protection regulations like GDPR, CCPA, and HIPAA have strict
                   rules on data handling. In October of 2022, we also witnessed the FFIEC make updates to its
                   cybersecurity guidelines – and the update included API security. Ensuring API security is a
                   significant step towards regulatory compliance and avoiding hefty fines.

               5.  Evolution of cyber threats: The cyber threat landscape is rapidly evolving, and bad actors are
                   using increasingly sophisticated methods to exploit vulnerabilities. Credential stuffing, for
                   instance, where attackers automate login requests using stolen credentials, can lead to
                   unauthorized access to APIs. According to Gartner, in 2022 API abuse became the most
                   frequent attack vector for data breaches. Gartner also predicts that by next year, 2024,
                   API abuse attacks will double. Account takeover, bot-based attacks and online fraud are
                   also increasingly being carried out via APIs. The relentless advancement of such threats
                   necessitates a dedicated focus on API security.



            As we navigate the new age of data security, securing APIs is more critical than ever. Organizations must
            prioritize API security in their DLP strategies, not only to guard against data breaches and meet regulatory
            compliance but also to fortify their defense against the ever-evolving threats posed by cybercrime.

            With APIs becoming the gatekeepers of valuable data, our DLP strategies must pivot towards securing
            these critical links, transforming our approach to data security in this interconnected digital age.



            About the Author

            By Sudeep Padiyar, Senior Director, Product Management at Traceable AI

            Sudeep Padiyar is very passionate about cloud native security and feels the
            technology we are building at Traceable AI will be the foundation for DevSecOps,
            API Security and Observability for years to come. Prior to joining Traceable he was
            at Palo Alto Networks, where he started CN-Series - the industry’s first Kubernetes
            next-gen firewall, led automation initiatives for cloud security and managed cloud
            network security products. He started his career as an engineer at Cisco building
            core routers and switched to Product Management for Data Center switching after his MBA from Santa
            Clara University.

            When he is not thinking about technology, he likes to coach his kids’ soccer team, play tennis and go for
            hikes in the SF Bay Area. He is into teas and likes to brew everything from Masala chai to loose leaf
            Jasmine tea. He lives in Sunnyvale with his wife and two kids. Sudeep can be reached online at
            https://www.linkedin.com/in/sudeep-padiyar and our company website https://traceable.ai.







            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.