Akamai(US:AKAM) Tai Mei Ti A P P·2025-05-26 08:22Core Insights - The report by Akamai highlights that China has the highest costs associated with API security incidents, amounting to $778,000 (approximately 5.68 million RMB) over the past year [2] - The report indicates a significant discrepancy in cost estimates between management and frontline employees, with management estimating costs at $517,000 and frontline employees estimating $920,000 [2] API Attack History - The evolution of API attacks can be categorized into four phases, starting from pre-2000 with internal API mechanisms and focusing on system vulnerabilities [3] - The second phase (2000-2010) saw the rise of standardized APIs with SOAP, introducing risks like XML injection and man-in-the-middle attacks, followed by the adoption of RESTful APIs which led to session hijacking and token leakage [3] - The third phase post-2010 was marked by the rise of cloud computing, where APIs became core digital assets, but many shadow APIs emerged, leading to DDoS attacks and data breaches [3][4] - The current phase involves the integration of generative AI, where API calls are essential for business applications, shifting more security responsibilities to cloud service providers [4] API Attack Statistics - From January 2023 to June 2024, the Asia-Pacific region recorded 108 billion API attacks, accounting for 15% of all web attacks [5] - In China, 27.6% of respondents prioritized "protecting APIs from attacks" as the top cybersecurity concern, significantly higher than other countries [5] Current API Security Challenges - Common vulnerabilities in API applications include misconfigurations, lack of interception by firewalls, and authorization flaws, with API misconfiguration being the most prevalent at 22.3% [6] - The primary types of API attacks currently include injection attacks, unauthorized access, and DDoS attacks, as evidenced by the attacks on DeepSeek and other major models [6][7] Recommendations for API Security - Companies should reach a consensus on the causes, impacts, and priorities of API security incidents [9] - Suggested strategies include enhancing API discovery and monitoring capabilities, improving API testing, maintaining thorough documentation, and utilizing runtime detection tools [9][10] - Organizations are encouraged to integrate API security solutions with existing security products to identify high-risk behaviors and intercept suspicious traffic [10]