The Power of APIs: Transforming Connectivity

By Steve Prentice

The next time you go to a restaurant, it is pretty likely that the traditional menu – that big old handheld document – will have been replaced by a QR code that allows you to review your meal choices through your phone. Few customers know or care that when they scan that QR code, their mobile device uses an API (Application Programming Interface) to connect to a back end, which then presents a menu linked to another API that connects to another back end that handles the transaction required to pay for the meal. 

The use of APIs has exploded over the last few years, and they work so well that most non-IT people forget that they exist in the first place. However, with widespread acceptance come increased threats, which means business owners, CISOs, and their teams must remain focused on protecting APIs from attacks and vulnerabilities. The seamless and invisible interaction typical of APIs serves as a reminder of just how valuable, and at the same time, how potentially dangerous, all data connections can be.

APIs Are Like Connective Tissue

Ultimately, an API is a method by which computer programs or their components communicate with each other. But Nanhi Singh, VP of Application Security and Customer Success at Imperva, in a recent podcast with Todd Moore, Global Head of Data Security Products at Thales, has a better and more memorable definition. She calls APIs “the connective tissue” between applications. 

Even though humans might get queasy about seeing organic connective tissue, we know what it does and why it’s important. Singh’s analogy is powerful: not only does such tissue hold parts of an anatomy together, but it also helps make it flexible, allowing a body part to respond appropriately to the forces around it. Just like connective tissue in our bodies, APIs hold different parts of an application together and play a crucial role in ensuring smooth and efficient interactions between applications.

Companies known for protecting identities and data when at rest and in motion can now also help customers perform additional crucial tasks, such as finding critical data to meet compliance regulations promptly. Thinking about connections in this way allows one to dig deeper into the nature of connection, especially how applications, machines, and people connect with other applications, machines, and people. These connections rely heavily on up-to-par data security and cybersecurity, but end users overlook this, placing the responsibility for reinforcement on IT leaders.  

Helping The Disconnected To Connect

End users often see the component activities of their jobs as isolated and somewhat inviolable. Think, for example, about how little thought most people give to the security of their home routers even though they are, by virtue of the internet, connected to their employers, their customers, and everyone else. Think also about people’s ongoing preference for easily guessable passwords. Choosing 123456, or the names of kids, pets, or sports teams, is an easy front door for threat actors to walk through, even when there’s an exclamation point or asterisk added in there somewhere. People who choose easy passwords focus on their own ease of use, their own user experience, and not on the reason for a password’s existence in the first place.

In IT security, there are also physiological connections to consider, such as those between the human mind and human reflex. When an individual clicks on a phishing link in an email or in a scam SMS message on their phone, there is a disconnection. A person’s instant reaction to the urgency of the message – clicking on the link without thinking – means their connection to their own thinking brain has been severed by the power of instinctive self-defense, while sadly, the communication connection between the victim and the criminal continues to work perfectly. Security specialists must continue to work hard to repair this disconnect, especially as deepfakes take it to the next level. We need to constantly reinforce the idea among end users of thinking twice before reacting, reconnecting a person’s actions to a critical thinking state, while the company itself echoes this connection by creating a culture that embraces learning within an ethos of proactive safety.

Bad Bots Are Big Trouble 

Finally, there is a connection between our human activities and intelligent bots – devices that can serve us well in terms of interacting with customers, but which are equally capable of misinformation and sabotage. It is shocking to discover, as discussed on the podcast and mentioned in the Imperva Bad Bot Report, how easily bots connect with businesses to cause damage, and that almost 50 percent of all internet traffic is not human, but bots.

It is unnecessary to point out how the physical nature of the internet and social media is all about connection, but it is worth repeating that the ubiquity of these connections is in large part responsible for numerous forms of simultaneous disconnection, which include phishing, social polarization and distrust between managers and workers.

Steve is a specialist in organizational psychology, focusing on the interaction of people, technology, and change. He works as a speaker, author, broadcaster, and writer with clients in IT, cybersecurity, government, healthcare, and law, dealing with cybersecurity, AI, blockchain, and the future of work. 
