I recently added a new area of research to API Evangelist focused on cybersecurity. I added this area of research not because APIs are being used to hack systems, which does happen occasionally. I did this because I wanted to better tune into this area because APIs are being applied by all sides (are there sides?) to communicate, evaluate cybersecurity events, and spread their message — which is a significant part of what is cybersecurity.
When APIs aren't properly secured, and a breach occurs, I consider this a security topic and file it under my API security research. If something occurs in the wider global security theater, I file it under my cybersecurity research. This research doesn't always directly touch on APIs, but in many cases like the recent DNC hacks APIs are being used to analyze, study, share stories, and communicate around these often ongoing cybesecurity events.
I am seeing APIs often being used as part of the levers pulled when it comes to the theater of cybersecurity, whether it's anonymous bitcoin ransom payments, Guccifer 2.0 spreading the story of a recent breach of Twitter, or researchers doing their forensic studies. As with other areas of my API monitoring, establishing a dedicated research project helps me tune in closer to what is going on, identify key actors, and better understand the role of APIs in the fast-growing world of cybersecurity.