SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Businesses losing up to $250 million every year from bot attacks - report
Fri, 13th Aug 2021

Bot detection and mitigation company Netacea has announced results from a new report revealing the high price businesses pay due to bot traffic.

The survey found automated bots operated by malicious actors cost businesses 3.6% of their annual revenue. For the worst-affected 25% of companies, that equates to at least a quarter of a billion dollars ($250 million) every year.

The report, The Bot Management Review: What are bots costing your business?, surveyed 440 companies across travel, entertainment, eCommerce, financial services and telecoms sectors in the United States and the UK.

According to the report, every sector had a significant bot problem, with two-thirds of businesses detecting website attacks. It found 46% of respondents reported attacks on mobile apps, and 23%, mostly in financial services, said bots had attacked their APIs.

“Last year was particularly tough for legitimate businesses already operating with razor-thin margins thanks to an economic slump,” says Netacea CTO, Andy Still.

“It was a bumper year for those who use bots to leech off of those businesses, especially bad actors who looked to take advantage of a significant shift to online working and retail.”

While scalper bots, those that automate the purchase of inventory such as game consoles and other limited availability goods, continue to dominate headlines in 2021, businesses have been affected by all types of bots. These include account checker bots that use stolen usernames and passwords to take over accounts, sniper bots that monitor activity and swoop in at the last moment, and scraper bots that extract content and data from websites.

Some key findings of the Netacea research include:

  • Over 80% of businesses reported that customer satisfaction had been negatively affected by bot activity, in particular scalper and sniper bots.
  • Only 5% of security budgets are dedicated to bot mitigation, though it's a little higher for larger firms, at up to 20%.
  • Account checker bots are the most popular bot attacks, taking advantage of data breaches and leaked passwords to compromise customer accounts.

Netacea says the most worrying factor is the time it takes to discover attacks. On average, more than 14 weeks pass between a successful attack and its detection, making it difficult to limit the damage to a business's customer satisfaction, reputation, and bottom line.

“While there is a greater awareness of the threat than in previous years, only 5% of security budgets are used to target the problem,” says Still.

“Businesses need to realise that bots are not a mere nuisance, but a genuine security threat, especially when a business is already struggling because of other factors.”

Netacea's previous research around the Genesis Market, an underground marketplace for stolen credentials, shows that the industry is becoming more sophisticated. Those operating bots do so at a professional level, with consultants, help desks and highly specialised infrastructure providers accessible through covert forums, making bots widely available.