50% of orgs report experiencing data breaches due to exposed API secrets 

API vulnerabilities are a serious issue that can’t be overlooked. Just one API vulnerability led to the breach of 5.4 million Twitter users’ data, and cybercriminals are well aware that all they need to gain access to an organization’s personally identifiable information (PII) is to harvest the right secrets. 

In fact, new research released today by API security vendor Corsha Inc. — a survey of more than 400 security and engineering professionals — found that 53% have experienced a data breach to networks or apps due to compromised API tokens. 

The report also found that organizations are struggling to manage API secrets, with 86% spending up to 15 hours a week provisioning, managing and dealing with secrets. 

This highlights the fact that organizations are in need of a more scalable approach to managing API secrets if they want to continue to operate in hybrid cloud environments while minimizing the risk of intrusions from threat actors. 

Secrets management in the age of API explosion 

Widespread API exploitation is coming amid an explosion in APIs, with 51% of developers and API professionals reporting that more than half of their development effort is spent on APIs. This is up from 40% in 2020 and 49% in 2021. 

Each one of these entities has secrets that need to be secured — otherwise a skilled hacker can harvest them and gain access to the data processed by an API. 

“The explosion of APIs over the last few years, the increase in automated pipelines, microservices and movement to cloud brings along the explosion of secrets needed to secure communication across these APIs,” said Anusher Iyer, Corsha CEO. 

Secrets management provides an answer to this explosion by automating the provisioning, managing and rotation of secrets so that organizations don’t have to manually circulate disparate keys, tokens and certificates.  

“Secrets management is vital to the security of who and what is accessing your APIs,” said Iyer. “For many organizations, it’s the best way to safeguard their secrets in a secure, automated fashion, while also maintaining the hygiene needed to minimize any risk that might be associated with leaked and compromised credentials.”