Asia Pacific (APAC) organizations are increasingly relying on artificial intelligence (AI) and machine learning (ML) enabled solutions to tackle a wide array of security challenges around application programming interfaces (APIs), according to F5 research revealed on Wednesday.
The multicloud application security and delivery company said in its inaugural 2024 Strategic Insights: API Security in APAC report that, with APIs increasingly being the point of attack for cybercriminals, one in five APAC organizations have adopted AI/ML technologies to detect and mitigate sophisticated threats, such as server-side request forgery (SSRF), that may be overlooked by traditional security measures.
API gateways (20 percent) are also widely adopted by organizations across the region for strong access control and to mitigate a broad spectrum of vulnerabilities such as unrestricted access to sensitive business flows, according to the report.
“Applications have become the front door to cybercrime, and cybercriminals increasingly use APIs as the key.
“Across the APAC region, we have seen more attacks, with increasing speed, scale and sophistication as cybercriminals leverage AI-powered tools,” said Mohan Veloo, Chief Technology Officer for Asia Pacific, China and Japan, F5.
As such, he opined that protecting API connections and the data that runs through them has become the critical security challenge for APAC organizations, especially with many looking to deliver AI.
While APAC organizations look to protect their APIs during runtime, the report showed many also increasingly recognize the importance of guarding APIs right from development.
It noted that having robust code security standards and practices (18 percent) has emerged as a fundamental strategy among the region’s organizations to guard APIs against a broad range of complex vulnerabilities, from Broken Object Level Authorization and Security Misconfiguration issues to SSRF.
The report also showed APAC faces unique API security challenges compared to the rest of the world.
It noted that security challenge rankings by APAC organizations diverge from global OWASP rankings, with broken authentication, server-side request forgery, and security misconfiguration emerging as top concerns.
This is driven by widely used REST/RPC technologies, high use of internal APIs and diverse deployments across the region.
According to the report, security testing and access control are top priorities in the API security lifecycle for APAC organizations.
This emphasis underscores the importance of preventative measures to mitigate risks associated with unauthorized access and ensure robust API security before deployment.
APAC organizations took a balanced approach towards runtime protection and discovery, with posture management ranking lowest in priority, said the report.
Meanwhile, APAC is maturing in its approach to API security testing.
The report showed organizations are balancing traditional methods like static application security testing (SAST) (54 percent) and dynamic application security testing (DAST) (51 percent) with emerging strategies such as active API security testing (51 percent).
This reflects an industry-wide recognition of the importance of diverse testing strategies.
The report also showed controlling external users is the top concern in API access control.
It noted that APAC organizations cited heightened concern over potential risks from external entities (59 percent).
Other priorities include compliance with established standards (54 percent) and secure app-to-app interactions (49 percent).
This reflects trends toward increasing connectivity and highlights the importance of comprehensive security frameworks to address evolving API risks effectively.
The report also showed a strong focus on protecting data against leakage and tampering.
Data leakage (53 percent) is the highest priority concern for APAC organizations in API runtime protection, underscoring the urgency in protecting sensitive information.
There’s also an industry-wide emphasis on maintaining data integrity (28 percent) and protecting sensitive information through detection and masking techniques (23 percent).
Meanwhile, critical emphasis is placed on discovering high-risk APIs and monitoring API usage, said the report.
It noted that APAC organizations are most concerned with identifying APIs that could expose sensitive data or vulnerabilities (63 percent) and understanding API usage patterns to detect unusual patterns that could indicate breaches or misuse (56 percent).
Zombie APIs (42 percent) and Shadow APIs (39 percent) are slightly lower in priority but remain significant concerns.
To evaluate the current landscape of API security in APAC, Twimbit conducted research on behalf of F5 in the first half of 2024, surveying 297 professionals from various sectors, including security, DevOps, SecOps, and application development.
Respondents were distributed across 11 APAC markets: Australia, China, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Singapore, Taiwan, and Thailand.
Organizations report a four-fold increase in the deployment of generative AI since 2023