Research from Netacea, the bot detection and mitigation specialists, has found that many businesses are at risk from bot attacks—despite an awareness of the problem and a widely held belief that they have the problem under control.
The research, The bot management review: The challenge of high awareness and limited understanding, surveyed businesses across the travel, entertainment, e-commerce and financial services sectors. It found a high awareness of how bot attacks could negatively affect a business, with over 70% understanding the most common attacks, including credential stuffing and card cracking, and 76% stating they have been attacked by bots.
However, these same businesses revealed that around 15% of their web application resources are taken up by bots. With over half of web traffic today generated by bots, this implies that businesses are unaware of a great deal of the bot traffic on their sites.
Businesses were also wholly unaware of the marketplaces where their customers’ usernames and passwords can be bought and sold, with only 1% of respondents being familiar with them.
Online entertainment sites, including gaming and streaming, were the most confident in their association of a bot attack with an incident, with over half claiming not to have been attacked in the last year. Just over 20% of e-commerce sites claimed to not have been affected, while financial services and travel sites were the most aware of the ubiquity of attacks—fewer than 5% said that they had not been the victim of an attack.
This lack of visibility may be down to a lack of responsibility: only one in ten businesses say that bot mitigation is the responsibility of a single department or person. Almost two thirds say it is the responsibility of four or more departments, making passing the problem along—or even ignoring it completely—much more of a possibility.
“Current circumstances mean that businesses are relying on their online presence more than ever before,” said Andy Still, CTO, Netacea. “This also means more opportunities for online criminal enterprises looking to increase their profits. And while the majority of businesses are not oblivious to the problem of bot attacks, the inevitable conclusion of this research is that this awareness is not leading to action.”
“High profile attacks, such as ransomware that locks down sites completely, have dominated the headlines recently, which may have led to this complacency. Bot attacks, while more subtle, can be just as devastating to a business, as accounts are stolen and sold on, card fees become crippling, and bad decisions are made on the basis of faulty data,” cautioned Still.
The research did reveal some good news—nearly all businesses were either investing in, or planning to invest in bot management, and almost none were cutting back on this vital security measure.