APIs are placing your enterprise at risk
At a surface level, APIs help businesses to connect applications and share data with one another. This creates an easier, more seamless experience for customers and users. If you have ever used your Google account to log into multiple sites or apps, chances are you are using a Google-developed API to do so. APIs like this work in the background to power much of the streamlined user experience that is taken for granted. Therefore we need to ensure stronger API security across mobile apps, or all of their benefits will be for naught.
Stolen API keys are the culprit behind some of the largest cyberattacks to date. We see the headlines and we read the news stories, but we often fail to realize the broad consequences – particularly the notable impacts on enterprise mobile security. Consider the news earlier this year of 3,000+ mobile applications leaking Twitter’s API keys, meaning bad actors could compromise thousands of individual accounts and conduct a slew of nefarious activities.
Imagine if this was your company and the role was reversed and hundreds or even thousands of mobile applications were leaking the API keys to your corporate Gmail, Slack or OneDrive accounts. If this or similar scenarios were to happen, employee devices and sensitive company data would be at extreme risk.
The recent push to focus on API security comes at a critical time where more enterprises are relying on enterprise mobility, meaning increasing a reliance on mobile app connectivity. A recent survey of US and UK-based security directors and mobile applications developers found that 74% of respondents felt mobile apps were critical to business success. Further, mobile apps were also found to help businesses both earn revenue and enable customers to access services.
Additionally, 45% of respondents in this same survey said that an attack against APIs that took a mobile app offline would have a significant impact on their business. These results only affirm what we already know – mobile apps are critical to enterprise mobility and productivity.
API security risks can lead to full device takeover
While APIs have many advantages, their ubiquitous use in mobile applications is also a glaring…
