SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Businesses unprepared for bot attacks, despite awareness
Tue, 21st Jul 2020
FYI, this story is more than a year old

Many businesses are aware of the threat of bot attacks, but believe they have the problem under control and are not adequately prepared for the level of risk.

This is according to research from Netacea, bot detection and mitigation specialists, titled ‘The bot management review: The challenge of high awareness and limited understanding' which surveyed businesses across the travel, entertainment, eCommerce and financial services sectors.

The research found a high awareness of how bot attacks could negatively affect a business, with over 70% understanding the most common attacks, including credential stuffing and card cracking, and 76% stating they have been attacked by bots.

However, these same businesses revealed that around 15% of their web application resources are taken up by bots.

With more than half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites.

Businesses were also unaware of the marketplaces where their customers' usernames and passwords can be bought and sold, with only 1% of respondents being familiar with them.

Online entertainment sites, including gaming and streaming, were the most confident in their association of a bot attack with an incident, with more than half claiming not to have been attacked in the last year.

Just over 20% of eCommerce sites claimed to not have been affected, while financial services and travel sites were the most aware of the ubiquity of attacks. Furthermore, fewer than 5% said that they had not been the victim of an attack.

According to Netacea, this lack of visibility may be down to a lack of responsibility, as only one in ten businesses say that bot mitigation is the responsibility of a single department or person.

On this, almost two thirds say it is the responsibility of four or more departments, making passing the problem along, or even ignoring it completely, more of a possibility.

Despite this, the research did reveal that nearly all businesses were either investing in, or planning to invest in bot management, and almost none were cutting back on this security measure.

Netacea CTO Andy Still says, “Current circumstances mean that businesses are relying on their online presence more than ever before.

“This also means more opportunities for online criminal enterprises looking to increase their profits. And while the majority of businesses are not oblivious to the problem of bot attacks, the inevitable conclusion of this research is that this awareness is not leading to action.

Still says, “High profile attacks, such as ransomware that locks down sites completely, have dominated the headlines recently, which may have led to this complacency.

"Bot attacks, while more subtle, can be just as devastating to a business, as accounts are stolen and sold on, card fees become crippling, and bad decisions are made on the basis of faulty data.