Overcoming the Inertia of Assessing and Securing APIs

Traceable AI CSO Richard Bird on Best Practices for Fighting API-Based Attacks
Richard Bird, chief security officer, Traceable AI

Large enterprises may have hundreds or thousands of APIs. Concerns over API vulnerabilities have been around for years, but most organizations outside of highly regulated industries such as banking have not taken the steps to understand the threats they face, said Richard Bird, CSO at Traceable.

"There's a huge amount of inertia and friction to try and orient your organization toward solving for API issues," Bird said. "And yet, the bad actors are moving extremely quickly and discovering even more interesting, new ways to leverage APIs to do bad things."

For example, Bird said, he recently observed a bad actor employing API volumetric attacks, application hacks, DoS attacks and fraudulent account creation - all in one campaign, which succeeded in stealing data. "When you think about how security organizations are structured over the last 20 years, we are almost singularly focused on a plane of attack or a point of attack," he said.

In this video interview with Information Security Media Group at Black Hat USA 2023, Bird discussed:

  • Why API vulnerabilities are so hard for large enterprises to tackle;
  • How bad actors are exploiting APIs;
  • Best practices for securing APIs.

Bird has nearly 30 years of experience in the cybersecurity and IT operations industry. He has been a CIO and a CISO, and he is the former global head of identity for JPMorgan Chase. Bird has held multiple C-level roles advising organizations of all sizes and served as the chief customer information officer for Ping Identity, building security solutions for the market as a chief product officer.


About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



