Latin America. APIs have become essential components in modern software development, allowing different applications to communicate and interact with each other, said Helder Ferrão, Industry Strategist Director for Akamai Latin America.
The expert highlighted that as digital innovation and the API economy improve product and service experiences, they also represent new opportunities for exploitation for cybercriminals.
Latin American countries have experienced a rapid increase in digital evolution in the last decade, during which organizations have been adopting new technologies and integrating their systems through APIs. This digital shift makes these organizations more susceptible to API cyberattacks.
According to Akamai's study Lurking in the Shadows: Attack Trends Highlight API Threats, of all attacks targeting APIs globally in 2023, Latin America recorded 8.6%, compared to North America, which accounted for 27.1%.
At the beginning of last year, Latin America had experienced nearly 500,000 attacks against WEB applications and APIs. By the end of the year, that number had ballooned to 1.5 billion attacks. This trend indicates the importance of implementing robust security measures to protect APIs from malicious attacks.
"Financial services, trade, healthcare, and government are some of the most common sectors in Latin America that suffer from API attacks. These organizations often manage large amounts of sensitive data and financial transactions, making them prime targets for cybercriminals," said Jairo Parra, cybersecurity expert for Akamai Latin America.
Helder Ferrão highlighted that organizations in Latin America manage huge amounts of customer data, including personally identifiable information. Cyberattacks on APIs can compromise this sensitive data, resulting in data breaches, service disruption, financial losses, and reputational damage.
Compliance with data protection regulations, such as the General Data Protection Regulation (GDPR), the Lei Geral de Proteção de Dados Pessoais (LGPD) in Brazil, and other regulations in different Latin American countries, have prompted organizations to improve API security measures to protect personal and sensitive data from unauthorized access or disclosure.
For his part, Jairo Parra insisted that companies must safeguard consumer data, protect people and maintain their trust. "Failure to follow proper safety measures can have devastating consequences. In the event that APIs carry any information
related to payment cards, so it is very important that they meet the requirements and have a PCI certification."
Therefore, having a PCI certification and PCI compliant partners can bring benefits such as: higher level of data security, differentiated qualities compared to competitors, reduced risks, increased consumer trust, ease of becoming a supplier to large companies that handle card payments and getting ahead of others and shortening preparation for privacy regulations such as GDPR, LGPD and even Open Banking.
Eight Tips to Help Secure APIs
Cyberattacks on APIs can disrupt business operations, which can lead to financial losses and a negative impact on the overall economy. Given this reality, organizations in Latin America must take proactive steps to protect themselves and avoid setbacks
Economic.
Helder Ferrão recommended eight practices for secure API use to help companies create a thriving digital future for industries across the region.
1. Document all APIs in your API security controls to improve visibility.
2. Resolve misconfiguration issues in your APIs and implement processes to prevent future vulnerabilities from emerging.
3. Establish an API monitoring and threat hunting discipline to close security gaps before attackers can use them against you.
4. Choose a security solution that can mitigate a wide range of threats, from the top 10 API security risks according to OWASP to traditional web attacks.
5. Use security solutions that offer behavioral analytics to detect business logic misuse and other anomalies.
6. Use OWASP's guidance on coding practices to prevent the most common attacks.
7. Conduct regular vulnerability assessments and select a world-class security solution provider to support you.
8. Stay on top of emerging threats.
Finally, Helder Ferrão stressed that understanding the importance of cyberattacks on APIs in Latin America is essential to protect economies, comply with regulations, protect consumer data and preserve the reputation of the sector. By recognizing the impact of API attacks, organizations can address vulnerabilities and improve their overall cybersecurity posture.
