Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

By Byron V. Acohido

APIs. The glue of hyper-connectivity; yet also the wellspring of risk.

Related: The true scale of API breaches

I had an enlightening discussion at Black Hat USA 2023 with Chief Security Officer Richard Bird about how these snippets of code have dramatically expanded the attack surface in ways that have largely been overlooked.

Please give the accompanying podcast a listen. Traceable supplies systems that treat APIs as delicate assets requiring robust protection. At the moment, Bird argues, that’s not how most companies view them.

All too many organizations, he told me, have no clue about how many APIs they have, where they reside and what they do. A good percentage of APIs, he says, lie dormant – low-hanging fruit for hackers who are expert at ferreting them out to utilize in multi-stage breaches.

Companies have been obsessed with using APIs to unlock business value while turning a blind eye to API exposures.

Guest expert: Richard Bird, CSO

What’s more, APIs continue to fuel speedy software development in an environment where standardization has been absent, Bird told me.

“There hasn’t been a lot of motion around the idea of developing boundaries and protocols from an industry standpoint,” he says.

The Biden-Harris Administration has stepped forward to stir the pot.

“Compliance is implied and inferred in the most recent executive orders and in other items coming out of NIST and the SEC,” Bird noted. “They’re basically saying, ‘Look, you have this data transport capability with APIs, so you need to include them in your security requirements.’”

The transformation progresses. I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)
