Intelligent CIO LATAM Issue 44 | Page 65

Palacios said many APIs are not sufficiently protected , which makes them an attractive and profitable attack vector for cybercriminals .

According to the study , few companies have a complete inventory of their APIs and also know which ones transfer sensitive data . This figure , already low in 2023 , has risen from 40 % to just 27 % in 2024 . If an attack is carried out due to an insecure API , it would bring serious consequences for the insurance sector , such as damage to the company ’ s reputation , sanctions from regulators , loss of customer trust and loss of accounts , loss of productivity and costs to try to solve the problem .

On the other hand , according to BeDisruptive ’ s 2024 Global Cybersecurity Analysis , 84 % of cyberattacks for the execution of identity theft , financial fraud and extortion suffered by this sector occur through ransomware . This is followed by denial-of-service ( DDoS ) attacks , with 14 % of incidents .

APIs help enable that business growth as a connective tissue that drives digital transformation .

Insurance companies are not only going to invest in more advanced technologies to protect that data , but they must also take a more active role in keeping their customers ’ information safe .

Palacios recommends :

1 . Have an inventory of internal APIs exposed to the internet or those that consume information from third parties .

2 . Have a clear cybersecurity posture of APIs , that is , know the visibility of where they communicate , with whom , how many times , etc .

3 . Execute an early detection and response plan to attacks and thus avoid information leaks .

4 . Correctly manage the attack surface of APIs , starting from the fact that you cannot protect what you cannot see , an API visibility and management tool is necessary to achieve this goal . p

www . intelligentcio . com INTELLIGENTCIO LATAM 65