Attack on Data: How Industries are Suffering Due to a 32% Jump in Harmful Bots According to the 2024 Imperva Bad Bot Report, bad bot traffic levels rose for the fifth consecutive year, indicating an alarming trend
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Gaming, Telecom, IT, and Travel. What's the one thing common between the four? The industries are a bot-favourite when it comes to stealing data, causing financial losses, and damaging company reputations.
The number of bad bot traffic has steadily increased from 23.6 per cent in 2013 to 32 per cent in 2023, with good bots degrowth from 19.4 per cent to 17.6 per cent in the period.
"Bots present a widespread challenge for businesses worldwide, exerting a significant impact on digital health and security. With nearly half of all internet traffic attributed to bots, and a troubling portion of them being malicious, the threat they pose is substantial," shares Ankush Sabharwal, Founder and CEO, CoRover with Entrepreneur India.
Notably, the gaming industry is the most susceptible to bad bot attacks at 57.2 per cent, followed by Telecom (49.3 per cent), IT (45.9 per cent), and Travel (44.5 per cent). The gaming industry alone amasses a user base of 3.24 billion online gamers as of 2021. India, single-handedly, recorded 455 million online gamers in 2023 according to Statista.
In 2018, British Airways succumbed to a large-scale hack that compromised data of 380,000 global passengers.
What does a bad bot do? The software mimics human users while interacting with other applications, making it hard to detect and block. They play a big part in web scraping, competitive data mining, personal and financial data harvesting, brute-force login attempts, scalping, digital ad fraud, denial-of-service attacks, spamming, and transaction fraud.
India ranks 10th when it comes to the most attacked countries by bad bots at 1.7 per cent. Native websites faced over five billion cyberattacks in 2023 alone.
"From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization's bottom line by degrading online services and requiring more investment in infrastructure and customer support," shares Nanhi Singh, General Manager, Application Security, Imperva, a Thales company.
Interestingly, as India's G20 Summit went live, 16 lakh bot attacks hit the G20 portal. Earlier in April, consumer electronics startup boAt saw the data of its 7.5M users be leaked on dark web.
According to the 2024 Imperva Bad Bot Report, bad bot traffic levels rose for the fifth consecutive year, indicating an alarming trend. Notably, the significant swelling of digital attackers is due to the increasing popularity of Artificial Intelligence (AI) and Large Learning Models (LLMs).
Sourav Banerjee, Partner - Innovation, MathCo, a global Enterprise AI and Analytics company, said, "With the rise of GenAI solutions for businesses, there's a downside - sneaky bots causing trouble. The biggest threat to most online companies is account takeover." Account takeover (ATO) attacks are among the most prevalent automated threats. Aite Group reports that losses from identity theft were estimated to reach USD 635.4 billion in 2023.
"But the good news is that work is underway to develop GenAI solutions to help fight these bots by spotting these attacks in heaps of data," Banerjee adds.
Not all bots are bad or harmful. Good bots such as Googlebot and Bingbot crawl websites for search engines or monitor website performance. They can significantly impact web analytics reports, making certain pages appear more popular than they are. "For instance, a good bot might generate an impression for a page on your website that you advertise, but that ad clicks never leads to the sales funnel," the report notes.
Proactive measures
So, what can businesses do to protect themselves from bots and online fraud? Amit Tripathi, Managing Director, icogz(R) believes that bots not only skew analytics and impair decision-making but also facilitate account takeovers, undermining customer trust in most cases.
"To counter this, businesses must invest in advanced bot detection and mitigation strategies that employ machine learning to distinguish between harmful bot traffic and legitimate users. Additionally, multi-factor authentication and behavioral analytics can significantly reduce the risk of account takeovers. This will come at a cost, but will be well worth it when you consider the customer experience that is otherwise impacted with this," he shares.
"It is incumbent upon organizations to prioritize cybersecurity initiatives and take a proactive stance against this evolving menace," adds Sabharwal. Businesses can employ security measures like firewalls, anti-virus software, VPNs, and two-factor authentication to safeguard customer data. He further states that fostering collaboration within the industry and forging partnerships with cybersecurity experts are crucial in nature.
Kumar Ritesh, Founder, Cyfirma proposes for Multi-Factor Authentication, "To mitigate bot attack risks, MFA should be implemented to add an extra layer of security beyond passwords. This helps prevent unauthorised access even if login credentials are compromised. Conduct regular security audits and monitor network traffic for suspicious activities to detect and mitigate bot attacks and account takeovers proactively. Deploy bot detection solutions that can identify and block malicious bot traffic, reducing the risk of automated attacks targeting web applications and APIs. Utilize advanced threat intelligence and analytics tools to identify emerging threats, analyze attack patterns, and develop proactive strategies for bot attack and account takeover prevention."
Rikant Pittie, Co-Founder, EaseMyTrip shares his views on improving security as a travel enterprise, "Our approach encompasses various practices, including conducting thorough cybersecurity risk assessments, tracking key security metrics, deploying automated cybersecurity solutions, maintaining an incident response plan, implementing regular updates as required, and breaking down organizational silos to foster seamless collaboration across departments."
Mass Education on digital hygiene for employees and customers is being hailed as an important combating agent to these threats.
