Always-On Security In A Bot-Infested World

Ntirety CEO Emil Sayegh explains why bot attacks have a direct impact on lost revenues and increased operational costs.

Bots, fake accounts, automated networks – there are many names, but they have one commonality: they’re all a plague upon the web, upon the enterprise, and upon the community. The on-again, off-again Twitter / Elon Musk deal is just the latest high-profile story that has put the topic back into the spotlight. It is a growing problem and to put it mildly, and it doesn’t look like there is any near-term resolution. There are industries that are more plagued by it than others, but this is only a matter of time.

The Plague of the Bot

For several years, bot traffic from malicious bots has notched double digit increases. By various measures, nefarious bot traffic is about a quarter of all internet traffic. Think about all that infrastructure, all that engineering, all of that quality control wasted on garbage or dangerous traffic. Another 15% of total traffic is “good bot” traffic, which is just the programmatic collection of information that someone out there is hoping will give them a marketing or insight edge. The worst threat however is from the malicious bots (AKA “Bad Bots”) that have the capabilities of creating havoc through:

· Credit Card Fraud

· Denial of Service attacks (DDoS)

· Steal Credentials

· Fake Account Creation

· Service Flooding

· Content Scraping

· Inventory Squatting (through abandoned shopping carts)

· Price Influencing

The Price of Bots

In short, bots are awful as Mr. Musk and Twitter execs can attest. In addition to accounting for the garbage traffic, massive efforts must take place to protect an organization from the damage that bots can do. Not only do efforts equal expense, but bot attacks also have a direct impact on lost revenues and increased operational costs.

Bots are universal, yet some industries feel this pain more than others. This is due to the type of data and the content that each subject business is in. Follow the money and you will find the most targeted industries. They include the following:

· Financial

· Gambling

· Travel

· Healthcare

· Ecommerce

Specific industries that are struggling with this impact at this moment include:

Fintech/Stocks – Fintech faces all of the troubles that financial industries face, attractive to criminals due to the accelerated access they provide to customers combined with financial motives. Bots try to manipulate stocks or digital currencies on a daily basis, hyping news on social media, executing targeted trades, etc.

Martech – Marketing technology faces similar challenges, with bots creating artificial conditions, clogging inventory, falsifying reviews, exploiting the landscape of ecommerce, and mostly creating fake clicks to fleece advertisers.

Public Opinion – Where fake and automated accounts help create false sentiment in a form of meddling where areas of products, politics, and opinion posts about any number of subject targets. We saw that in the accusation of both parties accusing the other of election interference through the use of bots.

The entire list covers every possible industry. With so many targets and the payoffs in clear sight, these bot threats are surging. Making matters worse, the composition of bot networks as well as the attacks they deliver are becoming increasingly sophisticated. Businesses are racing to keep up with the impacts.

Stay Vigilant

The best advice is to ensure the systems you control have are hermitically sealed through the use of multifactor authentication (MFA). Further, it is critical continue to be as proactive as possible in order to minimize the impact of these bot attacks, maintain customer experiences, and assure that profitability impact is minimized. Monitoring is a key component of these defenses, and you should investigate both spikes in traffic as well as their sources. Monitor and automate oversight over failed login attempts – a hallmark of a bot-based account attack are strategically originated, off-timed sign-in attempts. Overall, keep watch over the entire environment, inside and out because with enough visibility, you can mitigate events before they affect anything significantly. As Elon Musk did with Twitter, it is also critical to go back to the organization that is permissive of bots and hold them accountable. Bots are here to stay, so keeping them at bay is critical, ever a competitive mission for any organization.

This article was originally published in Forbes, please follow me on LinkedIn.