873% Surge in API Attacks Puts Healthcare, Retail, and BFSI in the Crosshairs

Organisations are adopting APIs faster than they're securing them, creating massive security gaps. Despite the identification of over 26,000 critical vulnerabilities in 2024, a third remained unpatched for over six months, leaving businesses dangerously exposed.

By Entrepreneur Staff

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

As we move toward a direct, contactless market where almost everything is purchased online, APIs (Application Programming Interfaces) have become the lifeline of digital services—quietly powering everything from mobile banking and ride-hailing to insurance claims and retail checkouts. While they enable seamless data exchange and real-time communication, the same open data pathways are being exploited by malicious actors, fueling a surge in cybersecurity threats worldwide.

In 2024 alone, India witnessed a 20 per cent rise in cyberattacks from Q1 to Q4, with Indusface blocking over 7.15 billion malicious attempts on customer sites through its AppTrana platform. On average, each site experienced 6.9 million attacks during the year, according to the latest Annual State of Application Security Report by Indusface.

Distributed Denial of Service (DDoS) attacks remained a global menace, with 2.46 billion incidents. APIs emerged as a key point of vulnerability—facing 30 per cent more attacks per host than websites. India recorded 166 per cent more API-related DDoS incidents compared to web-based ones, with bot-driven attacks increasing by 48 per cent. The holiday season alone saw a 132 per cent surge in bot activity, as attackers exploited high-traffic periods to breach systems.

One of the most alarming findings was the 873 per cent increase in attacks targeting API vulnerabilities, vastly outpacing the 94 per cent rise in website-related exploits. The widespread availability of AI tools like ChatGPT has made it easier for novice hackers to generate and deploy malicious scripts, accelerating the pace of attacks.

Three sectors among the hardest hit

The report found significant variation in attack patterns based on industry. The retail and e-commerce sector experienced over 1 million attacks per website, with a 10x increase in DDoS incidents as fraud bots deployed credential stuffing and carding techniques to exploit payment systems. The manufacturing sector, too, saw 1.37 million attacks per site, with DDoS threats rising sixfold and targeting supply chains, ERP, and production operations. In the BFSI space, insurance firms faced 2.5x more bot threats and an eightfold increase in vulnerability attacks. This indicates a growing need for sector-specific, proactive cybersecurity strategies.

Healthcare and SMEs face unique challenges

Every monitored healthcare website encountered bot-driven attacks in 2024, highlighting the sector's ongoing vulnerability. These automated threats posed serious risks to patient data and hospital infrastructure.

Meanwhile, SMEs (small and medium-sized enterprises) were disproportionately affected—experiencing 236 per cent more DDoS attacks than large enterprises. Their limited access to dedicated security teams and resources makes them attractive targets, often exploited for financial gain or operational disruption.

This surge reflects a broader challenge—organisations are adopting APIs faster than they're securing them, creating massive security gaps. Despite the identification of over 26,000 critical vulnerabilities in 2024, a third remained unpatched for over six months, leaving businesses dangerously exposed.

"Cybercriminals are constantly evolving their tactics, leveraging different attack vectors based on industry, application type, and company size. APIs, for example, face 2x the attacks per host compared to web apps. Similarly, the insurance industry faces 2.5x more bot attacks per app than other industries," says Ashish Tandon, Founder and CEO of Indusface.

"Security teams can stay ahead by investing in all-in-one, AI-powered AppSec platforms that adapt quickly to these evolving threats. However, even with AI, manual oversight is essential to prevent AI hallucinations and ensure uninterrupted business operations," Tandon added.
