I feel like I’ve been ignoring security news, so let’s discuss some key ones.
I’ve seen multiple discussions of APIs lately – well, Imperva has released “Quantifying the Cost of API Insecurity,” a new study that uncovers the rising global costs of vulnerable or insecure APIs. The Marsh McLennan Cyber Risk Analytics Center survey found that larger organizations were statistically more likely to have a higher percentage of API-related incidents. Enterprises with revenues of at least US$100 billion were 3-4x more likely to experience API insecurity than small or midsize businesses.
The study also discovered substantial disparities between industries. IT, professional services, and retail will most likely suffer API-related security incidents. Those industries dominated the risk.
New warnings about MedusaLocker – who are using RDP as their primary entryway. The CISA and FBI warning highlights this approach, as the group operates with a ransomware-as-a-service model. The FBI and MI5 have also issued a very sharp warning about China in a joint address. Quote: “The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market.”
Why do we care?
China coming for your business was not on my 2022 bingo card. The warning is rather product-oriented yet still resonates for service organizations. What can be stolen in your organization that would result in a competitive disruption?
I included the API data as it’s related to the move to the cloud. In my mind, not YET a small and midsize business problem. Sure, you have enough on your plate to worry about; just know that the lead value in helping customers with the cloud is the integration of cloud systems, and thus this area of API security.