2022 Cyber Predictions: Malicious API Activity Deserves More Security Attention

This is part of our 2022 cyber predictions series. We heard from top leaders in the industry about what cyber could bring in the new year.






Kate Barecchia, Global Data Privacy Officer, Imperva


“As software updates are pushed ever faster to defeat security threats, user error increases from the stress of COVID, burnouts, lack of childcare (think all the things that made people gain 15 lbs in 2020) will increase in both frequency and severity. As teams are stretched thin because of social and emotional pressures, we’ll have more “accidents” like public-facing S3 buckets, open GitHubs, etc.”

Peter Klimek, Director of Technology, Office of the CTO, Imperva


“The API ecosystem will continue to grow at an astonishing pace in 2022 as organizations increasingly rely on them to connect mobile applications, IoT devices, microservices, containers, and serverless functions to the underlying data layer. As the volume grows, APIs will become a major source of data breaches in the New Year.

The popularity of the GraphQL development language among software engineers will be partly to blame for this trend. Using tried-and-true methods learned from targeting SQL databases, cybercriminals will be able to leverage stolen credentials and access tokens to query internal GraphQL APIs and exfiltrate large volumes of data from the underlying data layer.

The rise in malicious activity will shift the conversation about API Security and will force organizations to look at it as a threat to the security of their data. The C-Suite will demand more accountability from developers and will task the CISO with monitoring API behavior and regulating what data APIs are accessing and by whom.”

David Valovcin, Sr. Director, Imperva Data Security


“While the two camps fight over whether it should be called Data Security or Data Protection, hackers will gain unprecedented access to enterprises’ sensitive data and siphon away millions of records without proper authorization. Legislators will attempt to introduce fines and penalties for not disclosing these data breaches and organizations will become even more confused on what they need to do to secure their most critical data and how to comply with these newly added privacy regulations.”

Matt Hathaway, Vice President of Product Marketing, Imperva


“As they continually do, criminals will learn from their success in using bots to profit from buying and reselling all manner of technology during the global chip shortage. As semiconductor shortages dissipate in early 2022, these proven bot techniques will be repurposed for other high-demand items impacted by the global supply chain crisis. Any retailer reeling from supply issues today could also see their customers experience inventory challenges in the near future.”

