Salt Security 2024 Security Trends & Predictions
December 2023 by Nick Rago, Field CTO at Salt Security
With 2024 on the horizon, I wanted to share some predictions from Nick Rago, Field CTO at Salt Security, about what lies ahead in the cybersecurity space in the new year. API security is one of the top trends that Nick expects to dominate the threat landscape next year.
2024 will be the year for deploying API security strategies, not just deploying API security tools. For many organizations in 2023, API security became a priority, but was treated as a security checkbox, where security teams were looking to augment their existing web application security tools. Unfortunately, the security challenges associated with APIs can’t be solved by simply updating existing testing tools and edge security defenses to technologies that claim to provide "API security." As APIs continue to proliferate in organizations spanning all industries at incredible rates, and risky security posture, misconfigurations and logic-based vulnerabilities continue to plague security teams, leaving threat actors a low barrier to breach, organizations are realizing they don’t have a tooling problem; they have a strategy problem.
A good API security strategy starts with a good, well-thought-out API security posture governance program that spans design to deployment. The hard truth is that as organizations rushed to embark on their high-speed journey to become "API-first," they did so on dirt roads with no guardrails. In 2024, we will see many organizations work on their API governance programs to better help pave the roads and put the security guardrails in place, to ensure a safer, more productive API-first journey.
In 2024, API production and usage will continue to increase, especially as many organizations in 2024 adopt more AI (artificial intelligence) driven processes and solutions in their business. AI needs data, and APIs are the vehicle for that data - and much of that data will be business critical or sensitive data. API sprawl is too risky in these scenarios.
We will also start to see many organizations start to leverage generative intelligence to develop APIs. This cannot be done unless organizations have created and mandated corporate standards on what a "good" API actually is from a security standpoint.