A new report from Netacea, a bot detection and mitigation specialist, revealed results that most businesses do not fully understand the threat bots pose, leaving those organisations vulnerable to threats.
The report, The Bot Management Review: Separating Bot Fact from Fiction, surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the US and the UK.
The report found that while most businesses were aware that bots were an issue, many were confused about where attacks originate and what technologies and techniques were effective against bots.
For example, the report shows that more than two-thirds of businesses believe that WAFs (Web Application Firewalls) and DDoS (Distributed Denial of Service) protection keep them secure from bot attacks.
While these tools will prevent some attacks, they are not effective against bots—leaving businesses vulnerable to attacks that may mean the difference between profit and loss.
Previous research from Netacea found that bots damage businesses both directly and indirectly. Bot traffic costs businesses millions, whether bots are scraping content, buying goods before anyone else or using stolen passwords to take over accounts.
However, while businesses understand that this threat exists, this does not mean they understand how to fight it.
The top 5 myths businesses believe about bots are:
1. MYTH: WAFs will stop sophisticated bots (believed by 73%, including 92% of telcos and 77% of eCommerce businesses).
FACT: WAFs are not designed to stop bot threats, though basic bot mitigation tools may be bundled with this service.
2. MYTH: DDoS protection will stop all bot attacks (believed by 71%).
FACT: While DDoS protection will help keep websites online when overwhelmed by traffic from a botnet, this type of activity is very different from a bot attack.
3. MYTH: Bot attacks only come from Russia and China (believed by 61%).
FACT: Netacea’s research has found that just over a third of businesses have detected threats from Russia and China. Meanwhile, around half of businesses detected threats from the US and the UK, and many more have been detected from throughout Europe.
4. MYTH: All bots are bought on the dark web (believed by 58%).
FACT: Increasingly we see not just bots but data dumps of usernames and passwords made available on the “clear web” and accessible to anyone.
5. MYTH: All bot users are criminals (believed by 55%).
FACT: While bot techniques such as card cracking and account takeover are illegal, many everyday consumers are able to get their hands on “grinch bots” and buy limited edition products faster than any human.
“The first step to preventing any attack is to understand it, otherwise you’re flying blind. In the case of bots, if security teams cannot identify the nature of an attack and are deploying the wrong solutions, they are leaving themselves open to attack,” said Andy Still, CTO, Netacea.
“Bots are growing in sophistication and popularity among both professional and amateur hackers. Only with a better understanding of what bots are capable of and what tools and techniques are effective against them will security teams be better prepared for the threat bots pose to their businesses.”
The full report can be downloaded here.