In the first month of 2024 , attempts to attack Web APIs impacted 1 in 4.6 organisations worldwide every week , marking a 20 % increase compared to January 2023 , highlighting the growing risk associated with API vulnerabilities . North America is the most impacted region with 1 in 4.3 organisations suffering such attacks on average per week . Africa had the largest rise in attacks compared to January last year , with an 85 % increase equating to 1 in 4.9 organisations impacted weekly .

Globally , education leads as the most impacted sector , with most sectors having a double-digit surge in attacks from last year . Meanwhile , cloud-based organisational networks experience a 34 % rise in attacks compared to the same period last year , and overtake on-prem organisational networks in the overall impact of API attacks , underscoring the evolving cloud threat landscape .

Exploits like the Fortinet Authentication Bypass and Ivanti ’ s zero- day vulnerabilities have had widespread impacts , with the latter involving unauthorised data access and the spread of crypto-miner malware , demonstrating the critical nature of securing APIs against emerging threats .

The report states that the landscape of cyber security is continuously evolving , with Web Application Programming Interfaces , APIs becoming a focal point for cyber attackers . APIs , which facilitate communication between different software applications , present a broader attack surface than traditional web applications .

The impact of these attacks is widespread across various industries , with education being the most targeted . The telecommunications sector saw the most significant increase in attacks , + 46 %, although most sectors also experienced a double-digit increase from last January , emphasising the urgent need for enhanced security measures across all sectors .

Moreover , as the cloud threat landscape evolves , cloud-based organisations face a growing threat of cyberattacks over web APIs . This January showed a 34 % increase in attacks on cloud-based organisational networks compared to the previous year , almost double the increase seen in on-premises networks .

Erick Njoroge , Check Point Security Engineer , East Africa

The impact of these attacks on cloud-based networks is now also higher overall than in on-premises environments , fuelled by organisations shifting their operations to the cloud along with web application APIs , making it an attractive attack vector .

This exposure is due to the inherent vulnerabilities within Web APIs that can lead to authentication bypasses , unauthorised data access , and a range of malicious activities . Despite the implementation of security measures by organisations , the existence of shadow APIs , those not officially created or secured by the organisation , poses additional risks , as does the adoption of third-party APIs , which may later reveal vulnerabilities that jeopardise all using entities . p

Top impacted countries in Africa

Country

Weekly average of impacted organization , Jan 2024 Kenya 1 out of 4 Mauritius 1 out of 5 Ethiopia 1 out of 5 Nigeria 1 out of 5 Ghana 1 out of 5 Namibia 1 out of 5 South Africa 1 out of 6 Zambia 1 out of 7 Mozambique 1 out of 7 Zimbabwe 1 out of 7 Morocco 1 out of 8 Uganda 1 out of 9 Cote d ’ Ivoire 1 out of 9

Top impacted industries in Africa

Industry	Weekly average of impacted
organization , Jan 2024
Wholesale and Distribution	1 out of 4
Telecommunications	1 out of 5
Financial Services	1 out of 5
Government	1 out of 6
Energy and Utilities	1 out of 6
Transportation and Logistics	1 out of 6
Industrial Manufacturing	1 out of 7
Education	1 out of 9
Hospitality , Travel , Recreation	1 out of 17

60 INTELLIGENTCIO AFRICA www . intelligentcio . com

Intelligent CIO Africa Issue 88 | Page 60

Check Point Software finds escalation of Web API cyberattacks in 2024 , Africa experiences 85 % increase YoY