Home Industry News API Incidents on the Rise: Survey Finds 41% of...

API Incidents on the Rise: Survey Finds 41% of firms affected


In 2023, firms of all sizes will continue to be concerned about supply chain cybersecurity risks. These risks are more prevalent than ever, partly because of the difficulty in maintaining supply chain visibility and even defining one due to complex IT ecosystems.

In addition, growing digital transformation efforts increase dependency on third-party apps and code (e.g., open-source projects and commercial SaaS apps). This article outlines several significant supply chain dangers that you should be mindful of and advice for ensuring strong supply chain security in 2023.

Threat actors frequently exploit loopholes in an organization’s software supply chain to launch supply chain assaults. This risk was demonstrated by a zero-day vulnerability in a Java logging framework, which immediately put thousands of users at serious risk of a breach.

Supply chain threats can take many forms, but open source risks are increasing as more businesses rely on their pre-built functions when working on fast-paced development projects.

It’s important to be aware of this threat, whether from malicious or insecure code hidden in widely used open-source libraries or frameworks or from shoddy security in open-source projects. Communicate with developers on the importance of thoroughly verifying their chosen open-source projects.

API breaches

Application programming interfaces (APIs), which businesses use to enable various apps to communicate with one another, are a crucial component of today’s seamless application ecosystem. Many companies rely on these APIs, whether from payment processing systems connected to their websites or other important apps essential to their core company operations.

A supply chain vulnerability arises when APIs created by other organizations provide hackers a chance to attack your company or access your data. APIs are also vulnerable to security threats. According to a survey conducted in 2022, 41% of firms had API incidents in the preceding year.

Island hopping

Island hopping is a wonderful way to spend a holiday outside of cybersecurity. Yet, its darker connotation in cybersecurity refers to a specific supply chain hazard. In an island-hopping assault, the adversary targets weak third- and fourth-party partners to undermine the cyber defenses of a much bigger firm. The distinguishing feature of island hopping is how adversaries jump between multiple links in the supply chain until they can compromise their target. These types of attacks exploit digital supply chains’ complex, interwoven nature.


Threat actors aim to exploit the trusting connections between companies and their numerous partners and suppliers. Exploiting this trust to conduct fraud is a tried-and-true tactic. This threat could worsen as social engineering tactics refine and target specific individuals.

Exploiting relationships in the supply chain is very successful with spear phishing techniques. Hackers can spoof the domains of commercial providers or hide on domains with minor misspellings. The threat actor can then send emails asking for payment to be made to a specific bank account under their control while posing as the provider and sending the emails. Physical security risks also play a part in fraud; impersonating a reliable provider can deceive employees into allowing unauthorized personnel into your premises.

Related Posts

Latest Updates

Police Arrest 7 People in Oil Theft Syndicate in...

The Jambi Regional Police's Directorate of General Criminal Investigation has unveiled a theft syndicate involving stolen oil condensate from an Indonesian state-owned oil and...

Health Concerns Arise After Toxic Train Derailment

In February of this year, a train operated by Norfolk Southern derailed in the small village of East Palestine, Ohio, while transporting hazardous chemicals. Following...

Delhi Crime Branch Cracks Down on Counterfeit Spare Parts...

The Delhi Police's Crime Branch has initiated legal action after receiving a complaint from automobile companies regarding producing and selling counterfeit spare parts bearing...