Bot myths and fallacies leave two-thirds of businesses at higher risk of malicious attacks

New report from Netacea uncovers the bot myths believed by businesses—leaving them vulnerable.


Netacea has published results from a new report showing that most businesses do not fully understand the threat bots pose, leaving those organisations vulnerable to attack.

 

The report, The Bot Management Review: Separating Bot Fact from Fiction, surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the US and the UK. The report found that while most businesses were aware that bots were an issue, many were confused about where attacks originate and what technologies and techniques were effective against bots.

 

For example, the report shows that more than two-thirds of businesses believe that WAFs (Web Application Firewalls) and DDoS (Distributed Denial of Service) protection keep them secure from bot attacks. While these tools will prevent some attacks, they are not effective against bots—leaving businesses vulnerable to attacks that may mean the difference between profit and loss.

 

Previous research from Netacea found that bots damage businesses both directly and indirectly. Bot traffic costs businesses millions, whether bots are scraping content, buying goods before anyone else or using stolen passwords to take over accounts. However, while businesses understand that this threat exists, this does not mean they understand how to fight it.

 

The top 5 myths businesses believe about bots are:

 

MYTH: WAFs will stop sophisticated bots (believed by 73%, including 92% of telcos and 77% of eCommerce businesses).

FACT: WAFs are not designed to stop bot threats, though basic bot mitigation tools may be bundled with this service.

 

MYTH: DDoS protection will stop all bot attacks (believed by 71%).

FACT: While DDoS protection will help keep websites online when overwhelmed by traffic from a botnet, this type of activity is very different from a bot attack.

 

MYTH: Bot attacks only come from Russia and China (believed by 61%).

FACT: Netacea’s research has found that just over a third of businesses have detected threats from Russia and China. Meanwhile, around half of businesses detected threats from the US and the UK, and many more have been detected from throughout Europe.

 

MYTH: All bots are bought on the dark web (believed by 58%).

FACT: Increasingly we see not just bots but data dumps of usernames and passwords made available on the “clear web” and accessible to anyone.

 

MYTH: All bot users are criminals (believed by 55%).

FACT: While bot techniques such as card cracking and account takeover are illegal, many everyday consumers are able to get their hands on “grinch bots” and buy limited edition products faster than any human.

 

“The first step to preventing any attack is to understand it, otherwise you’re flying blind. In the case of bots, if security teams cannot identify the nature of an attack and are deploying the wrong solutions, they are leaving themselves open to attack,” said Andy Still, CTO, Netacea. “Bots are growing in sophistication and popularity among both professional and amateur hackers. Only with a better understanding of what bots are capable of and what tools and techniques are effective against them will security teams be better prepared for the threat bots pose to their businesses.”

 
