Businesses know that bots are a big threat to their security and to their sensitive, confidential data. However, they do not seem to be doing enough to mitigate the threat and the problems it entails. This is the picture that emerges from a new Netacea study, which looked at data from the travel, entertainment, e-commerce and financial services sectors.
The research found great awareness of how bot attacks can have a negative and detrimental impact on a business. In particular, more than 70% of businesses believe they know about the most common bot attacks, including credential stuffing and card cracking. However, 76% reported having been attacked by bots.
The research, entitled "The Bot Management Review: The Challenge of High Awareness and Limited Understanding", also found that the same companies stated that only 15% of their web application resources are occupied by bots. According to the research, this shows that companies are not prepared to deal with and mitigate a potential bot attack. Since more than half of web traffic today is generated by bots, businesses are unaware of much of the bot traffic to their sites. The survey also found that businesses are unaware of the obscure websites where their customers' usernames and passwords are bought and sold, with only 1% of respondents stating that they know about these sites.
Who is responsible for dealing with bot attacks?
The research showed that only 1 in 10 companies say that limiting bots is the responsibility of a single department or individual. In addition, about two-thirds said it was the responsibility of four or more departments to resolve the issue. As a result, businesses can often ignore the problem completely. Harish Siripurapu, founder of Cyber Align, said some organizations may be confused by the type of attacks that usually occur with bots.
The main problem is that credential stuffing attacks are a gray area between cybersecurity and fraud. Breaking into a customer's account by using credentials available on the dark web is a scam, but not necessarily a cyber attack, Siripurapu explained. He added that even in companies where CISOs are responsible for e-commerce security, fraud and scams are usually not managed by them. Siripurapu also noted that bot detection technologies do not appear on the security roadmap, so there is no visibility and awareness. DDoS attacks are the attacks that catch the attention of CISOs in most organizations.
These days, credential stuffing is one of the most well-known attack methods used by criminals who operate bots. Verizon's most recent Data Breach Investigations Report (DBIR), from 2019, reports that credential stuffing was used in 29% of data breaches.
Credential stuffing has been rated as the number one security threat in the world for a few years now and has been growing steadily since 1 when the term was coined, said Shuman Ghosemajumder, global head of artificial intelligence (AI) at F5. He added that measuring bot activity is difficult, and he suggests that security teams that want to locate bots as accurately as possible use the best technology that they can financially support. Just as different analytics products measure users differently, most bot detection technologies have been found to produce both false positives and false negatives when it comes to locating highly sophisticated bots.
Finally, Netacea's research has shown that almost all businesses either invest or plan to invest in bot management, and almost none are cutting such technologies.