Why You Need to Wake Up to API Security Vulnerabilities

Expert Richard Bird on the 'Chaos' of API Security and How to Find and Fix Bad APIs
Richard Bird, CSO, Traceable AI

APIs represent the best and the worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO at Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. Bird fears that's just the tip of the iceberg.


"APIs are so desirable from an attacker's standpoint because they have a number of characteristics that allow them to be leveraged for multiple different types of attacks," Bird says.

The problem for most large enterprises is that developers have created huge numbers of APIs to perform various business functions, but they have no way of tracking them. "For most companies, there's little to no baseline measurement, understanding, cataloguing or inventory about what the original and initial purpose was - and the entirety of purposes - for an API," he says.

His message to security organizations that have not started managing API security is that they had "better move really fast."

In this video interview with Information Security Media Group, Bird discusses:

  • Recent major cybersecurity incidents in which attackers have exploited API vulnerabilities;
  • Why APIs are so vulnerable and why threat actors are targeting them;
  • What good API security looks like and how to avoid mitigation missteps.

Bird is a multi-time C-level executive in both the corporate and startup worlds. He is internationally recognized for his expert insights, work and views on cybersecurity, data privacy, digital consumer rights and identity-centric security.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
