ABI Research warned security must not be overlooked as operators seek fresh revenue by exposing network APIs to third-party developers, a move analysts say is a huge risk if not handled right.

The research company believes standardisation moves by groups including the GSMA will be a major boost in terms of delivering the required protections, an area digital security research analyst Georgia Cooke believes must be addressed as early as possible.

“It’s critical that operators don’t rush this. API-based network exposure could be a viable counter to slow 5G network return on investment. Still, it also presents a major security risk and must be achieved in measured and comprehensively reviewed steps”, Cooke said.

ABI Research predicted protection-oriented API revenue could top $5 billion in 2028, with sales of 5G security software tipped to more than treble over the next five years to $4.6 billion.

It added APIs will not be the sole source of the latter’s sales growth, but will certainly “constitute one of the largest threat vectors” as the influence in the broader software segment increases.

Cooke said APIs had “already been the source of major telco breaches”, a problem which will continue “if good security design and policy isn’t included from the very beginning”.

There is something of a double-edged sword in ABI Research’s expectations, with the company acknowledging APIs will also “help to identify and protect against” attacks.

“If well-implemented, APIs could be an invaluable source of data for threat identification systems, with network insight that could alert security analysts to attacks in the early stages and prevent successful breaches”, Cooke noted.

But the analyst sounded a note of caution because “simple misconfiguration or human error could leave networks exposed and vulnerable to attackers”.