One in five APAC firms turn to AI/ML for API security challenges
New research from F5 has highlighted that one in five organisations in the Asia Pacific (APAC) region are turning to artificial intelligence and machine learning (AI/ML) solutions to address their Application Programming Interface (API) security challenges.
The findings are detailed in F5's latest report, "2024 Strategic Insights: API Security in APAC."
The report underscores the growing importance of APIs in powering digital experiences across the region while signalling rising concerns as these gateways become frequent targets for cybercriminal activity. Specifically, the adoption of AI/ML technologies has become a pivotal strategy in identifying and defending against sophisticated threats that traditional security measures may miss, such as server-side request forgery (SSRF).
"Applications have become the front door to cybercrime, and cybercriminals increasingly use APIs as the key," stated Mohan Veloo, Chief Technology Officer for APAC, China, and Japan at F5. "Across the APAC region, we have seen more attacks, with increasing speed, scale, and sophistication as cybercriminals leverage AI-powered tools. Protecting API connections and the data that runs through them has become the critical security challenge for APAC organisations, especially with many looking to deliver AI."
The report identified significant trends in API security measures, with API gateways being widely adopted for ensuring strong access control and managing vulnerabilities. Approximately 20% of organisations are using these gateways to secure their interfaces against unauthorised access.
In India, the report notes a significant increase in application-based businesses. This growth has intensified the demand for robust cybersecurity solutions. "In India, we are currently witnessing a huge rise in application-based businesses, opening new avenues for cyber attackers, which has led to the rising demand for cybersecurity solutions," said Pratik Shah, Managing Director of India and SAARC at F5. He added, "Businesses are prioritising investments in security infrastructure to ensure protection for their applications. According to our report, the majority of Indian businesses are prioritising API security testing, access control, and runtime protection for comprehensive API security."
Manoj Menon, Founder and CEO of Twimbit, highlighted the distinct challenges faced by APAC organisations. "APAC organisations are facing unique API security challenges that differ significantly from global OWASP rankings. The research highlights the pressing need for tailored security measures to address specific risks such as Broken Authentication, Server-Side Request Forgery, and Security Misconfiguration. Countries like Malaysia, New Zealand, South Korea, and India are prioritising these issues, reflecting the diverse API adoption patterns across the region."
Another insight from the report is that many APAC organisations are now focusing on securing APIs at the development stage. Approximately 17.5% are adopting robust code security standards and practices to protect against complex vulnerabilities.
Veloo emphasised the evolving complexity of API security. "Today, API security is more important, but also more complex than ever. Findings from our report clearly show that more organisations are shifting left along the API lifecycle while still attempting to shield right," he noted. Veloo mentioned that F5 is enhancing its Distributed Cloud Services with advanced API code testing and telemetry analysis to offer a comprehensive API security solution.
Specific findings for India highlighted that broken authentication and SSRF are major concerns for businesses, noted by 15% of respondents for each issue. Furthermore, API security testing, access control, and runtime protection are key priorities, with respective mentions of 57%, 47%, and 43% among Indian respondents.
The report represents the responses of 297 professionals from various sectors, including security, DevOps, SecOps, and application development, across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan, and Thailand.