Organisations’ confidence in their ability to protect their customers data – and the respective fallout of a data breach – is entirely misplaced.
That’s according to new research from Netacea. It shows that while many businesses are at risk from bot attack, they maintain they have the problem under control.
More than half of all traffic online is bot activity, but firms put this figure at just 15 percent. Netacea’s conclusion is that organisations are dangerously overconfident in their ability to deal with these threats.
“A little knowledge is a dangerous thing – our research shows that businesses have just enough to think that they have the bot problem under control,” Andy Still, CTO, Netacea, told TDP. “In reality, they are unaware of the most dangerous threats they face from cybercriminals, and simply don’t know how much of the traffic on their sites intends to do them harm.”
Recently it was revealed that usernames and passwords for 15 billion accounts are for sale online.
The Netacea survey found that many understood cybercriminals could use automated bots to use and resell these usernames and passwords from credential stuffing attacks.
Businesses were also unaware of the marketplaces where their customers’ usernames and passwords can be bought and sold, with only one percent of respondents being familiar with them.
Online entertainment sites, including gaming and streaming, were the most confident in their association of a bot attack with an incident, with more than half claiming not to have been attacked in the last year.
Just over 20 percent of e-commerce sites claimed to not have been affected, while financial services and travel sites were the most aware of the ubiquity of attacks – fewer than five percent said that they had not been the victim of an attack.
Lack of responsibility
In a statement, Netacea said this lack of visibility may be down to a lack of responsibility. Only one in ten businesses say that bot mitigation is the responsibility of a single department or person. Almost two thirds say it is the responsibility of four or more departments, making passing the problem along more of a possibility.
“Current circumstances mean that businesses are relying on their online presence more than ever before,” said Still. “This also means more opportunities for online criminal enterprises looking to increase their profits.”
Still said that while most businesses are aware of the problem of bot attacks, he drew the conclusion that this is not leading to action.
“High profile attacks, such as ransomware that locks down sites completely, have dominated the headlines recently, which may have led to this complacency. Bot attacks can be just as devastating, as accounts are stolen and sold on, card fees become crippling, and bad decisions are made on the basis of faulty data.
However, the research did reveal that nearly all businesses were either investing in or planning to invest in bot management.
