... one of the most common forms of preventing API threats, rate limiting, is often (more than 50 percent) ignored by enterprises," Agarwal said. “Some of the most notable API hacks, like the SnapChat hack in December 2013 where 300 million customer accounts were compromised, could have been prevented by implementing rate limiting."
API security is as much an issue for the business as it is for IT, with three in four (75 percent) of respondents saying API security was a CIO-level concern and 65 percent saying it is an issue for business managers.
The survey results do suggest opportunities for the channel, Agarwal said.
“Just as the rise of Internet and Web led to the rise of adoption of Web application firewalls and intrusion-detection firewalls, similarly we see an opportunity for API gateways to act as security gateways to secure enterprises from threats to their APIs," he said.
The survey suggests an “emerging digital divide" as high-performing companies embrace core digital capabilities and APIs to move ahead, said Roberto Medrano, executive vice president at Akana. Enterprises need to recognize and take steps to mitigate the additional threat vectors to which they may be exposing their data and organization, he said.
“The maturity level around API security is still not there, but we see an improving trend, with API security now becoming critical for (corporate-level) officers," Agarwal added.