APIs are a key underlying technology for modern banking. Whether they are APIs mandated by new Open Banking directives, APIs for embedded finance or other APIs such as those from major credit bureaus, APIs are a key building block.
According to a major report published by Akamai Technologies in Feb 2020, there is a significant increase in the number of API attacks. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. Akamai observed that between Dec 2017 and Nov 2019, a total of 473,518,955 (yes, 473 million!) API endpoint attacks targeted organizations in the financial services industry.
The same report also had startling statistics regarding credential abuse attacks. Akamai found that about 16.5 billion attacks targeted hostnames that were API endpoints. This constituted nearly 20 percent of total credential abuse attacks.
- Financial APIs are a prime target for hacking.
- Financial APIs carry sensitive personal information such as credit card and social security numbers. Failing to protect them can result in significant regulatory compliance violations.
- New regulations such as Open Banking mandate open APIs yet create new security issues.
The Syber.ai Solution
- Continuous monitoring of production APIs.
- Deep analysis of the content of API transactions, not just their metadata, to detect anomalies related to hacks, personal information data leaks and API abuse.
- Banking-specific protections that can enforce Open Banking regulations and protect participating systems.
- Valuable insights, in near real time, for security teams, developers and business owners.
Additionally, Syber.ai’s solution builds a catalog of detected APIs and continuously checks their compliance relative to the developer definitions. If a violation is detected, a deep-dive analysis is available to analyze the root cause and determine if this is a security, engineering or business issue.
Existing cybersecurity devices – such as API gateways and Web Application Firewalls – can enforce API access policies but can’t detect data leaks, advanced hacking techniques or subtle deviations from normative behavior. That’s why Gartner is recommending that vendors look into API-specific solutions beyond the rudimentary API protection offered by existing devices.
Are your APIs properly protected?