By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Rush to digitalisation has made cyber threats tougher to track: Imperva CEO
Share
Font ResizerAa
TechgoonduTechgoondu
Font ResizerAa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > Rush to digitalisation has made cyber threats tougher to track: Imperva CEO
CybersecurityEnterprise

Rush to digitalisation has made cyber threats tougher to track: Imperva CEO

Alfred Siew
Last updated: October 11, 2023 at 9:28 AM
Alfred Siew
Published: October 10, 2023
5 Min Read
SHARE
Imperva chief executive officer Pam Murphy. PHOTO: Imperva

The accelerated pace of digitalisation in recent years, with the help of interconnected software systems, has exposed businesses to cyber threats that are harder to trace and track, says cybersecurity firm Imperva.

In particular, the move towards micro services and application programming interfaces (APIs) which allow developers to quickly create new features for digital services and improve customer experiences needs to be better managed, said the company’s chief executive officer, Pam Murphy.

With the pandemic forcing many businesses to rush out digital services, many now have to deal with hundreds, if not thousands, of APIs that may become huge loopholes for hackers to exploit, she pointed out. “Now, API insecurity is a big thing.”

In a nutshell, APIs connect up different software applications, for example, an e-commerce website with a credit card payment gateway, to enable users to transact online.

However, these new pieces of software, like any other, often come with vulnerabilities that cyber criminals can exploit. For example, they can connect to an API that is not properly secured and steal data by pretending to be a friendly application seeking that information.

They can also set up bots that mimic human users to interact with APIs that are none the wiser, so they can, say, jump the queue online to buy exclusive tickets, limited-edition sneakers or other rare items that are worth a lot in the resale market.

In 2022, such bad bots took up more than 30 per cent of all website traffic, with “good bots” set up by businesses accounting for about 17 per cent and humans about 53 per cent, according to Imperva.

Such a huge volume of bad bots exploiting a large number of APIs that businesses have been relying on means many potential cybersecurity breaches. Worse, businesses often do not know how exposed they are.

“When prospects come to us, the number one issue is “I don’t know how big of a problem I have”,” said Murphy, who spoke to Techgoondu during a recent visit to Singapore.

“They would say the biggest issue is they don’t know how many APIs they have,” she added. “These could connect to a data store or to business logic.”

Like many other security solutions, Imperva’s API security tools start with discovery. After all, you cannot protect what you don’t know.

“The reality is that the typical customer (we see) today has structured data, semi structured data, unstructured data… and all that data is in AWS (Amazon Web Services), GCP (Google Cloud Platform), and (Microsoft) Azure and others are on-prem,” said Murphy.

“We help customers analyse their entire spectrum and perimeter, where APIs are and from there, you can move to identify which are sensitive (such as data) and which are risky and then move to protect them,” she added.

“We always identify 10x more (APIs) in reality from what people first tell us,” she noted. “It’s the way DevOps and engineering teams work now… they are under pressure to develop digital capabilities quickly.”

Indeed, one dirty secret of today’s digital services development is that the “dev” part of DevOps often takes on more importance for many businesses than the “ops” part, since maintenance is not seen as a breakthrough.

Unfortunately, this means teams could end up not documenting issues or being diligent in resolving software bugs, which later often result in vulnerabilities. Speed to get a digital service out the door has often come at the cost of security issues later.

To be sure, the rush to connect up via APIs offers a valuable lesson to businesses that are now rushing to adopt the next big thing – AI – in their operations as well.

Generative AI is useful to help businesses take on more technical tasks by using natural language instead of typing in a command but it can also be used by the bad guys, said Murphy.

Generative AI can be used to mimic human behaviour and trick cyber defences into thinking they are human, she noted.

“The AI models will get smarter and we have to step up investments to make sure that generative AI will not threaten our defences in future,” she added.

Q&A: While collecting more data, Asia-Pacific organisations need to make better use of it, says Pure Storage
Software that monitors work in real time seeks to help women rejoin workforce
AR, VR spending in Asia-Pacific to soar 141 per cent to US$11 billion in 2018: IDC
Parallels bets on rich yet easy experience on mobile devices
Want a S$40 “computer”? Join the queue for the Raspberry Pi
TAGGED:API securitybad botDevOpsImpervaPam Murphytop

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Whatsapp Whatsapp LinkedIn Copy Link Print
Avatar photo
ByAlfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Zoom bets on AI for next-generation collaboration
Next Article Green tropical data centre testbed gets boost with Schneider Electric collaboration
Leave a Comment

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

FacebookLike
XFollow

Latest News

Promising speed and better coverage, Singtel 5G+ targets premium users
Mobile Telecom
May 15, 2025
Fujifilm GFX100RF review: Fun medium-format street photography camera
Imaging
May 14, 2025
Looks over AI? Samsung pitches slimmed-down Galaxy S25 Edge
Cellphones Mobile
May 13, 2025
Stunning AI advancements could transform healthcare, education and agriculture globally: Bill Gates
Internet
May 7, 2025

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
© 2024 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact
Join Us!
Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Lost your password?