sb-au logo
Story image

Businesses unprepared for bot attacks, despite awareness

Many businesses are aware of the threat of bot attacks, but believe they have the problem under control and are not adequately prepared for the level of risk.

This is according to research from Netacea, bot detection and mitigation specialists, titled ‘The bot management review: The challenge of high awareness and limited understanding’ which surveyed businesses across the travel, entertainment, e-commerce and financial services sectors.

The research found a high awareness of how bot attacks could negatively affect a business, with over 70% understanding the most common attacks, including credential stuffing and card cracking, and 76% stating they have been attacked by bots.

However, these same businesses revealed that around 15% of their web application resources are taken up by bots.

With more than half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites.

Businesses were also unaware of the marketplaces where their customers’ usernames and passwords can be bought and sold, with only 1% of respondents being familiar with them.

Online entertainment sites, including gaming and streaming, were the most confident in their association of a bot attack with an incident, with more than half claiming not to have been attacked in the last year.

Just over 20% of e-commerce sites claimed to not have been affected, while financial services and travel sites were the most aware of the ubiquity of attacks. Furthermore, fewer than 5% said that they had not been the victim of an attack.

According to Netacea, this lack of visibility may be down to a lack of responsibility, as only one in ten businesses say that bot mitigation is the responsibility of a single department or person.

On this, almost two thirds say it is the responsibility of four or more departments, making passing the problem along, or even ignoring it completely, more of a possibility.

Despite this, the research did reveal that nearly all businesses were either investing in, or planning to invest in bot management, and almost none were cutting back on this security measure.

Netacea CTO Andy Still says, “Current circumstances mean that businesses are relying on their online presence more than ever before.

“This also means more opportunities for online criminal enterprises looking to increase their profits. And while the majority of businesses are not oblivious to the problem of bot attacks, the inevitable conclusion of this research is that this awareness is not leading to action.”

Still says, “High profile attacks, such as ransomware that locks down sites completely, have dominated the headlines recently, which may have led to this complacency.

"Bot attacks, while more subtle, can be just as devastating to a business, as accounts are stolen and sold on, card fees become crippling, and bad decisions are made on the basis of faulty data.”

Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Users pay with personal data - Kaspersky on WhatsApp move to share data with Facebook
"Nothing is truly free, and, unfortunately, the current business model for free services means that, essentially, we pay with our data."More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Country-wide phishing reports up 75% in 2020
In total, Australians lost $176 million to scams in 2020, 23% higher than the previous year, with phishing the most reported type.More
Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More