Looking forward to 2024, we can confidently make some predictions based on our ongoing analysis of API attacks and the behavioral changes we are seeing as attackers refine their strategies. One thing we can be sure of – as organizations continue to increase their reliance on APIs to share data between applications, cybercriminals will continue to attack those APIs, and API security will continue to be a leading focus for security and IT teams.
New & Improved Data-Sharing Regulations
Consumer-centric industries, including finance, retail, and healthcare, will face increased scrutiny and regulation over their data-sharing practices. As the once nascent consumer protection rules mature, agencies and watchdogs will put into place more detailed requirements as well as penalties for non-compliance. Earlier this year, the Consumer Financial Protection Bureau (CFPB) published a new rule that reshapes data handling practices in the financial sector including API security, and we’re expecting others in 2024 in relevant industries.
Generative AI: More Controls, and Secure Data Sharing
Now that generative AI has hit the mainstream, organizations are thinking about how to utilize AI to increase efficiency. With those thoughts come fears about sharing data with large generative AI platforms such as ChatGPT. Looking forward to 2024, we expect to see organizations and vendors build contextual large language models (LLMs) on smaller, focused datasets. However, there are also situations where data sharing as it pertains to AI is in the organization’s interest. Organizations need to be comfortable sharing data with AI engines to make the most of them, and we’re expecting great strides to be made in 2024.
CISO -> CR(isk)O
The role of the chief information security officer (CISO) is making a significant transition, evolving beyond a strictly technical role into a more comprehensive business role, speaking the language of risk to boards, leadership teams, and investors. One can envision the role evolving into something akin to a chief risk officer (CRO). Cyber risk continues to broaden and expand throughout the business, there’s a need for a role that takes a broader role in shaping company strategy. Success in the role will require a broad skillset with an understanding of both the business side and the technical side, as well as governance, risk, and compliance (GRC).
In 2024, newly minted Chief Risk Officers will actively participate in the company’s overall business strategy, providing valuable insights on risk mitigation and cybersecurity implications. The executive team and board of directors will lean on them and their expertise to guide them through the evolving cybersecurity landscape and ensure that the company, its assets, and its customers are protected.
Shadow APIs will Continue to be an API Security Focus
The number of unique API security threats seen in 2023 by Cequence’s CQ Prime Threat Research team has already exceeded that of last year, and we can expect that trend to continue in 2024. The combination of persistent attackers and the proliferation of insecure and undocumented APIs all but ensures an increase in threats. Now more than ever it’s critical for organizations to know how many APIs they have, where they are, ensure they’re compliant and secured, and be able to identify and block attacks as they happen.
Threat Actors will Play the Long Game in 2024
Over the past few years, we’ve seen an increase in persistent threats with threat actors adopting a more protracted “long game” strategy. Instead of deploying flashy, high-impact attacks, these actors will increasingly target organizations with subtle, low-and-slow tactics that gradually infiltrate systems and steal valuable data, often incorporating pubic-facing APIs into their attack plan. These attacks are designed to build trust and credibility over time and necessitate increased vigilance and focus on API security throughout the year.
Ringing In the New Year
As dynamic as the last several years have been, we’re still expecting a lot of changes in API security and the API landscape in 2024. Organizations can prepare themselves by ensuring that they’re on top of their APIs and have the right technology, process, and procedures in place to protect them. The Cequence Unified API Protection platform helps organizations manage all facets of the API security lifecycle – get a free API security assessment today and be ready for what comes next in 2024.
Never miss an update!