sb-nz logo
Story image

Businesses unprepared for bot attacks, despite awareness

Many businesses are aware of the threat of bot attacks, but believe they have the problem under control and are not adequately prepared for the level of risk.

This is according to research from Netacea, bot detection and mitigation specialists, titled ‘The bot management review: The challenge of high awareness and limited understanding’ which surveyed businesses across the travel, entertainment, e-commerce and financial services sectors.

The research found a high awareness of how bot attacks could negatively affect a business, with over 70% understanding the most common attacks, including credential stuffing and card cracking, and 76% stating they have been attacked by bots.

However, these same businesses revealed that around 15% of their web application resources are taken up by bots.

With more than half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites.

Businesses were also unaware of the marketplaces where their customers’ usernames and passwords can be bought and sold, with only 1% of respondents being familiar with them.

Online entertainment sites, including gaming and streaming, were the most confident in their association of a bot attack with an incident, with more than half claiming not to have been attacked in the last year.

Just over 20% of e-commerce sites claimed to not have been affected, while financial services and travel sites were the most aware of the ubiquity of attacks. Furthermore, fewer than 5% said that they had not been the victim of an attack.

According to Netacea, this lack of visibility may be down to a lack of responsibility, as only one in ten businesses say that bot mitigation is the responsibility of a single department or person.

On this, almost two thirds say it is the responsibility of four or more departments, making passing the problem along, or even ignoring it completely, more of a possibility.

Despite this, the research did reveal that nearly all businesses were either investing in, or planning to invest in bot management, and almost none were cutting back on this security measure.

Netacea CTO Andy Still says, “Current circumstances mean that businesses are relying on their online presence more than ever before.

“This also means more opportunities for online criminal enterprises looking to increase their profits. And while the majority of businesses are not oblivious to the problem of bot attacks, the inevitable conclusion of this research is that this awareness is not leading to action.”

Still says, “High profile attacks, such as ransomware that locks down sites completely, have dominated the headlines recently, which may have led to this complacency.

"Bot attacks, while more subtle, can be just as devastating to a business, as accounts are stolen and sold on, card fees become crippling, and bad decisions are made on the basis of faulty data.”

Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
Revealed: Imperva publishes research on decade old botnet, responsible for millions of attacks
Imperva Research Labs has revealed findings of a six-month intensive investigation into a botnet that has been exploiting CMS vulnerabilities.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More