ThreatX released the results of a survey which highlights the risk of API attacks on the consumer experience. Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage—on brands or their customers.
“APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not,” said Gene Fay, CEO of ThreatX. “The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples’ lives”
The risk of API attacks on the consumer experience
APIs facilitate much of the connectivity between applications that consumers enjoy daily. However, despite their easy-to-deploy nature, APIs are hard to control and easy for attackers to target. According to the survey, consumers are aware of the risk posed by APIs, with 91% of respondents reporting that they understand that their data is shared between connected applications, and only 45% of respondents reporting any hesitation before allowing access between applications.
As businesses take advantage of consumers’ desire for convenience, 62% of respondents reported an increase in business engagement via website or mobile app. However, this increased engagement requires the transmission of more personally identifiable information (PII) than in the past, which is a point of concern for consumers.
According to the survey, 72% of respondents said they would leave a brand if their banking information was exposed in a data breach and 68% would leave if their social security numbers were released. This in stark contrast to fitness data (7%), photos (27%) or home addresses (36%), for instance.
“With how convenient applications make our everyday lives, it’s no surprise to see consumers drawn to connecting their applications, even at the expense of security,” said Dave Howell, CMO, ThreatX.
Unfortunately for brands, 61% of survey respondents do not feel that security is a priority for brands, and only 26% believe that brands that have suffered a breach did everything to prevent an attack from occurring.
- 74% of respondents reported that they either have “minimal” or “no” influence to encourage brands to take their security more seriously.
- 65% of respondents would consider paying more for an application or tech that was marketed as “secure.”
- 30% of respondents reported that if a mobile, web application or piece of technology they purchased was down once per week for updates they would leave the brand.
- 56% of consumers report that they change their login credentials for accounts associated with the brand following a breach.
- When asked how they would respond after their brand of choice experiences a data breach, only 13% of respondents reported that they would stop using the brand.