This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Giora Engel, CEO & Co-Founder, Neosec.
How have cyber attacks evolved over the past 12 months?
The past 12 months have seen an inflection point where attackers changed their behavior from focusing primarily on data centers and enterprise networks to targeting the application environment, and specifically APIs. While Gartner has predicted that in 2022 the majority of attacks will involve APIs, we see the change already underway. The reason is that the digital transformation has seen a massive increase in the adoption of APIs and microservices. Why are they under attack? Simple, they are open in nature and give attackers a large attack surface to evaluate and, more worryingly, they are largely undefended.
What lessons can be learned from the biggest cyber attacks in recent history?
We are seeing APIs being exploited in a variety of ways. Attackers are finding that targeting APIs gets them faster access to the data and the ultimate incentives for their behavior. This speed to abuse is because APIs are open to the outside by design and directly connect to the core business. This access to the core business is what worries security practitioners. Organizations are moving quickly to build new business processes using APIs but determining how to protect these business processes, and the APIs that facilitate them, is playing catch-up. The harsh reality is that practically all organizations are unprepared and don’t even have an inventory of their APIs, let alone plans to identify malicious behavior within them.
What will cyber attacks look like in the future?
The trend that we are seeing now will continue and the vast majority of attacks in the future will focus on the applications environment and abuse existing exposed APIs. Security is at the beginning of a major evolution and new security techniques will take over. Traditional security products protected the datacenter. But the datacenter is disappearing and these new business systems, applications, APIs, and microservices are now elsewhere. The ability to protect this new style of application and the APIs is going to be paramount.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
- Step 1 – Make sure you have the right visibility and logging in your api environments.
- Step 2 – Build a continuous inventory of your APIs and find out which carry sensitive data, and audit your security posture.
- Step 3 – The ability to detect attacks or abuse when it happens. Focus on what’s important for the business and understand what is normal versus abnormal. Behavioral analytics of API traffic is essential.