International. Akamai refers to the importance of creating a secure ecosystem around APIs in high-growth verticals such as e-commerce, because they have become a key element for its operation.
E-commerce sales in Latin America were worth approximately $108.3 billion in 2023 and are expected to be around $200 billion by 2029. The region is home to approximately 300 million digital shoppers, a figure that is expected to grow by more than 15% by 2027. Regionally, Brazil and Mexico compete for the spotlight, accounting for 28.51% and 26.37% of the e-commerce market, respectively. However, other economies such as Argentina, Peru, and Colombia have begun to stand out due to their rapid growth.
Oswaldo Palacios, Latam Senior Account Executive at Akamai, highlighted that both online stores and marketplaces are the main users of APIs; Its main essence is that e-commerce can communicate optimally with the systems and applications of users and suppliers. For example, they are vital in the inclusion of a payment gateway that operates internationally without the need to use external suppliers or shipping APIs that are indispensable for efficient shipment management, ensuring that products are delivered on time and in the promised quality.
Given their importance and growth, API security should be a primary concern for organizations looking to protect vulnerable components of their infrastructure. APIs are increasingly in the spotlight, as evidenced by the steady increase in the number of attacks. In the Digital Fortresses Under Siege: Threats to Modern Application Architectures report, Akamai notes that it observed more than 26 billion web attacks against applications and APIs in the month of June 2024 alone, and that these attacks increased by 49% over the last year.
"The commerce sector is a priority target for cyberattacks due to the huge amount of personal and financial data that is exchanged online; It relies heavily on technology to transact and store customer information, making it vulnerable to cyber threats. Cybercriminals often target retailers and online payment processors to steal sensitive data or disrupt business operations," the expert opined.
Specifically, the commerce sector was the victim of the highest number of attacks on API and Web applications (164,000 million), with more than double the number of attacks observed in the high-tech sector (59,000 million), from January 2023 to June 2024, according to Akamai's SOTI 2023 report, Slipping Through the Security Gaps: The Rise of Application and API Attacks.
According to Oswaldo Palacios, when compromised, APIs can provide unauthorized access to confidential information, which can have a series of repercussions, including data theft and fraud. However, the ramifications of API attacks are not limited to data loss, but extend to the erosion of customer trust, brand and reputational damage, and potential compliance issues.
The most common API attacks include several known attack vectors, such as: machine-in-the-middle (MITM) attacks, DDoS attacks, SQL injection attacks, insecure API key generation, as well as broken access controls that allow attackers to gain access to privileged features, modify or delete website content, or steal sensitive data.
Best practices for e-commerce to secure APIs
The expert warned that as APIs continue to be created and used to connect business functions, more faulty APIs appear in the system, making the commerce sector a lucrative target for malicious actors. By recognizing the impact of API attacks, e-commerce businesses in Latin America can address vulnerabilities and improve their overall cybersecurity posture.
As technology continues to advance, cybersecurity will play an even more crucial role in protecting businesses and consumers alike. Akamai advised LATAM e-commerce businesses to follow these best practices for the safe use of APIs, which will help build a thriving digital future.
- Document all APIs in your API security controls for better visibility.
- Address misconfiguration issues in your APIs and implement processes to prevent future vulnerabilities from arising.
- Establish an API monitoring and threat hunting discipline to close security gaps before attackers can use them against you.
- Choose a security solution that can mitigate a wide range of threats, from OWASP's top 10 API security risks to traditional web attacks.
- Use security solutions that offer behavioral analytics to detect business logic abuses and other anomalies.
- Take advantage of OWASP's guidance on coding practices to prevent the most common attacks.
- Conduct regular vulnerability assessments and select a world-class security solution provider to support you.
- Stay on top of emerging threats.
Finally, Oswaldo Palacios called on e-commerce companies to know how their APIs behave even within their firewall. Also, partner with a security vendor that has visibility into a large API ecosystem beyond your own, which will help protect your overall security posture.
