Page 127 - Cyber Defense eMagazine September 2023
API layer has to be the universal defense layer to prevent attacks and utilize the additional
detection logic to do so effectively.
4. Regulatory compliance: Data protection regulations like GDPR, CCPA, and HIPAA have strict
rules on data handling. In October of 2022, we also witnessed the FFIEC make updates to its
cybersecurity guidelines – and the update included API security. Ensuring API security is a
significant step towards regulatory compliance and avoiding hefty fines.
5. Evolution of cyber threats: The cyber threat landscape is rapidly evolving, and bad actors are
using increasingly sophisticated methods to exploit vulnerabilities. Credential stuffing, for
instance, where attackers automate login requests using stolen credentials, can lead to
unauthorized access to APIs. According to Gartner, in 2022 API abuse became the
most frequent attack vector for data breaches. Gartner also predicts that by next year,
2024, API abuse attacks will double. Account takeover, bot-based attacks and online fraud are
also increasingly being carried out via APIs. The relentless advancement of such threats
necessitates a dedicated focus on API security.
As we navigate the new age of data security, securing APIs is more critical than ever. Organizations must
prioritize API security in their DLP strategies, not only to guard against data breaches and meet regulatory
compliance but also to fortify their defense against the ever-evolving threats posed by cybercrime.
With APIs becoming the gatekeepers of valuable data, our DLP strategies must pivot towards securing
these critical links, transforming our approach to data security in this interconnected digital age.
About the Author
By Sudeep Padiyar, Senior Director, Product Management at Traceable AI
Sudeep Padiyar is very passionate about cloud native security and feels the
technology we are building at Traceable AI will be the foundation for DevSecOps,
API Security and Observability for years to come. Prior to joining Traceable he was
at Palo Alto Networks where he started CN-Series - the industry’s first Kubernetes
next-gen firewall, led automation initiatives for cloud security and managed cloud
network security products. He started his career as an engineer at Cisco building
core routers and switched to Product Management for Data Center switching after his MBA from Santa
Clara University.
When he is not thinking about technology, he likes to coach his kids’ soccer team, play tennis and go for
hikes in the SF Bay Area. He is into teas and likes to brew everything from Masala chai to loose leaf
Jasmine tea. He lives in Sunnyvale with his wife and two kids. Sudeep can be reached online at
https://www.linkedin.com/in/sudeep-padiyar and at our company website https://traceable.ai.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.