Bots cost businesses an average of 3.6% of their revenue, according to a new report from Netacea. On average, it takes companies three months to identify that a bot attack has occurred. This failure to detect and stop attacks is due, at least in part, to the lack of a unified approach and shared language in the bot community and a lack of understanding of the methods and motivations behind bot attacks. This lack of methodology and framework has left the door open for threat actors to continue carrying out attacks. As long as this problem persists, the bots and their operators will have the upper hand.
Over half of all web traffic is made up of automated bots. This is often seen as just an interesting fact, but bots cause real damage to businesses, often to the tune of millions of dollars.
The events of the past eighteen months have seen businesses in all industries rethink the way they operate. Some sectors have been hit harder than others, but no business has been spared. The travel sector has been among the hardest hit, but a faltering economy means even sectors that could benefit from prolonged lockdowns – such as online entertainment – are threatened by concerns over disposable income.
In these circumstances, the last thing a business needs is to see its revenue cut even further. Unfortunately, the shift to doing business online has only encouraged bot operators. In 2020, two-thirds of businesses detected website attacks, just under half saw their mobile app attacked, and a quarter, mostly financial services, saw bots attempting to compromise their APIs. Many companies operate with very slim margins, and the bots cost them 3.6% of their revenue.
For 25% of the companies surveyed in this report, that’s a quarter of a million dollars lost.
Our investigation also reveals that every industry faces this problem, although the type of bots and where they attack may differ. The biggest problem for most businesses is account verification bots that use hacked passwords to take over accounts via credential stuffing, although sniper bots, scalping bots and scraper bots are not far behind.
One of the biggest surprises is the origin of these attacks. Bots, attackers and clients often come from the same parts of the world, unlike, for example, DDoS attacks. Bot operators may be confident that they are unlikely to be detected and caught, and so see little risk in operating in countries within the reach of authorities.
A common theme throughout the cybersecurity industry right now is not just attacks, but the time between attacks and their discovery. In the case of some high-profile attacks, months have passed between the incident and the realization that something is wrong, which gives hackers free rein in the meantime. Bot attacks follow this pattern, with approximately 14 weeks between attack and discovery.
Businesses recognize that bots are a problem and understand the effect they have on customer satisfaction and their already squeezed profit margins. The problem they face now is turning that awareness into action. With only 5% of security budgets allocated to the problem, changing that can be difficult.
Read the full report from Netacea.