Cyber Defense eMagazine February Edition for 2023

More documents

Recommendations

Info

Vulnerabilities to Cybersecurity Threats and Data Breaches to Become More Pronounced, prompting Swift Regulatory Action With the virtual ecosystem spawning prolifically, businesses have migrated all operations to the internet, relying on cloud-based solutions to assimilate, store and manage data. Moreover, key industries are leveraging APIs to safeguard critical information. Naturally, they are becoming easy targets for malicious entities looking to exploit the data to achieve nefarious goals. Hence, beefing up API security is of utmost concern. As per findings reported by Salt Security, over 90% of organizations reported experiencing security problems in production APIs in 2022. Furthermore, almost 1/5 th of survey respondents admitted that their organizations experienced a breach resulting from insecure APIs. In fact, the FBI was the most recent victim of an API breach. In December 2022, a database containing contact information of over 80,000 members of its InfraGuard wing were up for sale on an underground hacking forum. The data was put up for sale on Breached, an English-language cybercrime forum, for US$ 50,000. Likewise, Australian wireless service provider, Optus, suffered a massive data breach, exposing 9.8 million customer records, including driver’s licenses, passports and Medicare ID numbers, besides names, phone numbers and e-mail addresses. Such vulnerabilities and breaches are expected to push for faster regulatory action. This is expected to assume shape of a stringent cybersecurity rule for publicly traded companies in the U.S in 2023 implemented by the U.S Securities and Exchange Commission (SEC). The proposed rules aim to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies that are subject to the reporting requirements of the Exchange Act. Greater Penetration of Artificial Intelligence and Machine Learning in APIs While artificial intelligence and machine learning have penetrated almost every industry domain, their potential in strengthening APIs is yet to be explored. This trend is expected to gain major traction throughout 2023. Given their automated nature, predictive capabilities and contribution towards improving business efficiency, both AI and ML have emerged as path-breaking technologies. The most straightforward use of AI/ML is to generate API calls or server code on behalf of a programmer. Solutions like GitHub Copilot can create code stubs, reducing developers' need to write the API calls boilerplate. As a larger corpus of API calls is needed, this approach is primarily suitable for public APIs. A good API design is a function of developer experience and operational efficiency. Algorithm-guided API design can improve the efficient layout of resources. Traffic recording and profiling information from API observability tools already provide valuable insights and can be the input for the AIguided API design. AI can also aid in designing APIs from the ground up, mapping the use cases into correct API protocol/style semantics. For example, from the operation name "make payment," the algorithm may infer an unsafe, idempotent operation and, therefore, the POST HTTP method. Currently, the most mature area is using AI/ML algorithms to analyze valuable information from the API traffic. For example, an algorithm can check whether there are sensitive data in the traffic or when a Cyber Defense eMagazine – February 2023 Edition 76 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
malicious communication pattern threatens your systems. The existing tools already help security, DevOps, and compliance teams in their work. Financial Services to Serve as a Key Operational Area for API Security Platforms Financial services are expected to represent the maximum applications of API security protocols and interfaces in 2023. Studies have revealed that the financial sector has been lagging behind the most when it comes to incorporating API security, representing a mere 5% of all applications. Fortunately, an unseen benefit is expected this year, with some studies already establishing that penetration has already risen to the tune of 125% since 2020. The Federal Financial Institutions Examination Council (FFIEC) has already issued guidance governing securing authentication and access to financial institutions’ services and systems, including APIs. The guidelines aim to provide financial institutions with examples of effective risk management principles and practices for access and authentication. These principles and practices address business and consumer customers, employees, and third parties that access digital banking services and financial institution information systems. This Guidance acknowledges significant risks associated with the cybersecurity threat landscape that reinforce the need for financial institutions to effectively authenticate users and customers to protect information systems, accounts, and data. It also recognizes that authentication considerations have extended beyond customers and include employees, third parties, and system-to-system communications. In 2023, these regulators will increase their expectations around financial institutions’ API security. With their motherlode of rich customer data and transactions, banks, fintech companies, insurance companies, and other financial institutions represent a favorite attack target for hackers. In addition, the industry must develop a scalable approach to API security if it is to move forward with open banking. Open banking, which provides third parties with access to financial transaction data, is completely powered by APIs. APIs to Offer a Shot at Innovation with Regard to Security Services API security is a Greenfield opportunity that leading chief information security officers will exploit to choose and implement the best frameworks, processes, and tools for their organizations. Those that move ahead proactively to implement solutions, such as platforms that enable automated AI discovery, cataloguing, management, and real-time attack detection, will achieve significant improvements in security and risk mitigation. They will also integrate API security testing into pre-production processes, enabling developers to scan and remediate APIs before they are deployed. By doing so, they will enable teams to use DevSecOps processes to develop and deploy applications at pace, without increasing their organizations’ attack surface. Cyber Defense eMagazine – February 2023 Edition 77 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Time to Build an Unhackable Interne
Page 3 and 4:
Emerging API Security Trends: What
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2023 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26: Cyber Defense eMagazine - February
Page 33 and 34: Banco Banrisul’s thirty-six domai
Page 35 and 36: Why Cybersecurity Remains a Persist
Page 37 and 38: Robust Cybersecurity is Essential f
Page 39 and 40: 1. Facing the Cyber Crisis No compa
Page 41 and 42: About the Author Amitabh Sinha is t
Page 43 and 44: 1. Risk Assessment Government agenc
Page 45 and 46: 8. Incident Response Plan Preventio
Page 47 and 48: This is what happened to Dropbox la
Page 49 and 50: trust and growth, the board can hel
Page 51 and 52: etween governments and operators wi
Page 53 and 54: Accelerating Machine Learning Advan
Page 55 and 56: Secondly, MLOps platforms record al
Page 57 and 58: Cybercriminals Are Ramping Up Their
Page 59 and 60: Organizations should follow best pr
Page 61 and 62: 7 Biggest Cyber Attacks of 2022 By
Page 63 and 64: 4. Ex-Amazon worker convicted over
Page 65 and 66: About Salt Communications Salt Comm
Page 67 and 68: saw this most recently through a ra
Page 69 and 70: CPRA/CCPA Compliance in A Cloud-Fir
Page 71 and 72: having an excessive amount of permi
Page 73 and 74: In the coming months and beyond, on
Page 75: Emerging API Security Trends: What
Page 79 and 80: Free Consumer Apps Are Not Safe for
Page 81 and 82: But simultaneously - and unlike ema
Page 83 and 84: lives and works. The topic is tough
Page 85 and 86: and tendencies. The good question h
Page 87 and 88: others or the situation among some
Page 89 and 90: eing pushed into heavy criminalitie
Page 91 and 92: preparing and analyzing such a coll
Page 93 and 94: words, behind those high-tech crimi
Page 95 and 96: always make new and new damage if t
Page 97 and 98: References: [1] Djekic, M. D., 2017
Page 99 and 100: How Government Agencies Can Leverag
Page 101 and 102: The result leads to optimal perform
Page 103 and 104: A linchpin of Biden’s cyber-defen
Page 105 and 106: An effective observability platform
Page 107 and 108: Section 3553(h) of title 44, U.S. C
Page 109 and 110: Exchange (MX) and Name Service (NS)
Page 111 and 112: Looking Ahead to 2023: Cyber Trends
Page 113 and 114: we’re falling behind, especially
Page 115 and 116: Old vulnerabilities are not being d
Page 117 and 118: Insider Threats are a Primary Vulne
Page 119 and 120: The first step in insider threat mi
Page 121 and 122: “We’re happy to announce MIRACL
Page 123 and 124: The organisers of Europe’s most i
Page 125 and 126: usable by everyday people. I think
Page 127 and 128:
Quentyn Taylor, Senior Director Pro
Page 129 and 130:
SDR for Cyber Defense By Kaue Morce
Page 131 and 132:
Figure 2: Cyan SDR - from Per Vices
Page 133 and 134:
as it allows the SDR to capture and
Page 135 and 136:
Security at the Enterprise Edge: To
Page 137 and 138:
This behavior makes it essential to
Page 139 and 140:
Shields Up: Organizations Need to D
Page 141 and 142:
eport, domains with the terms “bi
Page 143 and 144:
The Anti-Fraud Frontline Predictive
Page 145 and 146:
Cloud vendors' features can be depl
Page 147 and 148:
About the author Ryohei Fujimaki, F
Page 149 and 150:
The resulting phishing sites mirror
Page 151 and 152:
The javascript code in which the da
Page 153 and 154:
The Top Secrets of CISOs By Pat McG
Page 155 and 156:
About the Author Pat has more than
Page 157 and 158:
The latest analysis shows that Nort
Page 159 and 160:
What Role Can AI Play in Data Objec
Page 161 and 162:
Avoiding bias Objectivity and credi
Page 163 and 164:
As more and more data moves to the
Page 165 and 166:
to know where a document or other r
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
CyberDefense.TV now has 200 hotseat
Page 181 and 182:
Books by our Publisher: https://www
Page 183 and 184:
Page 185 and 186:
show all

Cyber Defense eMagazine February Edition for 2023

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?