Automated bot attacks on the rise for SMBs as research finds websites attacked 172 times per day

New research from Sectigo®, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), found cyber threats - especially automated bot attacks - on the rise, primarily due to skyrocketing bot traffic. 

Small and medium-sized businesses (SMBs) are grappling with bot traffic that now accounted for 5.5 times more than human traffic in 2021, compared to 2020 -- 2,306 weekly average bot visits per site. Further, the volume of human traffic decreased, indicating that malicious actors are using bots to scale their attacks and target unaware SMB website owners.

“While there are legitimate reasons for bots to visit a website like search engine crawlers and copyright scans, bots are also used for a variety of nefarious purposes. Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware,” said Jason Soroko, CTO of PKI at Sectigo.

Soroko continued: “The public internet is a very dangerous place and is increasingly getting worse. Don’t commit the fallacy of the underdog -- SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks. It’s not just about fraud, either. If websites handle payments, they’re obvious targets, too. The content management system platforms SMBs rely on may not protect against these threats. In fact, they are inherently difficult to secure.”

Soroko concluded: “SiteLock’s new data underscores the importance of having a comprehensive website security solution in place to protect against these threats and establish digital trust in an increasingly digital world. Even well-resourced enterprises struggle with this. In 2022 and beyond, specialized security tools are a necessity, not a luxury.”

The research was conducted by Sectigo’s website security protection and monitoring company, SiteLock. 2022 SiteLock Annual Website Security Report explores the current website security landscape and trends from 2021. SiteLock analyzed more than 14 million websites to determine the most prevalent cyber threats organizations face today. 

Findings show that the threat landscape continues to grow and evolve, with particularly effective cyberthreats coming into focus, such as Filehacker (35 percent of infected websites with malware contained Filehacker) and Backdoor attacks (31 percent contained Backdoor). The research found:

Ninety-three percent of websites infected with malware were not blacklisted. That’s nine out of 10 websites missed by search engines.

Websites are attacked 172 times per day, eight attacks per minute.

WordPress sites are 39 times more vulnerable than non-Content Management System (CMS) sites. Plus, plugins impact WordPress vulnerability. For every five plugins on a website, the risk of an attack is nearly double.

There are currently an estimated 4.1 million websites infected with malware worldwide.

Nearly half (48 percent) of SMB website owners believe they are too small to target, even though half of them have been breached.

Given the broad range of threats, businesses require a comprehensive security solution. SiteLock is a suite of security products designed to protect SMBs attacks of all kinds. With SiteLock’s risk assessment tool which analyzes more than 500 variables to determine a website’s risk level, SMBs can stay ahead of these evolving web threats and keep bad actors from disrupting their online presence.