Automated Threats in the retail sector
According to the most recent studies, 62% of the threats that retail organizations faced were automated, and that suggests an increasing threat level that corporations need to be aware of.
Online retailers have seen a tenfold increase in the proportion of attacks that were conducted through frameworks designed to preserve anonymity. Last year the proportion was just 3.5%, but this year it jumped to just under 33% with all things having been considered and taken into account.
In the past 12 months, nearly 40% of traffic hitting the average ecommerce website was not generated by humans, but instead came from often-malicious bots running automated tasks. Nearly a quarter of traffic – 23.7% – was attributable to advanced bots using cutting-edge evasion techniques to mimic human behaviour and avoid detection.
Last year, bot-related attacks grew by 10% during October and another 34% in November, providing clear evidence that the actors behind such automated bot networks are keenly aware of the value of the holiday period to retailers. Indeed, one variety of automated bot has become known as a Grinch Bot – scooping up inventory that is in high-demand and hoarding it, making it harder for legitimate consumers to purchase gifts online.
Other malicious bots are engaged in account takeover (ATO) activities, with over 64% of ATO attacks using some kind of bot in 2021. The attackers behind these bots are generally using leaked customer details in credential stuffing attacks, and in an indication of the volume of their activity, Imperva found 22.6% of all login attempts on retail websites are malicious.
With limited staffing and conflicting priorities, retailers are challenged in combating security threats. In principle, responsibility for IT security cannot be delegated, but many retailers still delegate key security activities to auditors, contractors and stores. Finally, many retailers lack a governance process and focus instead on regulatory compliance at the expense of a framework that governs information.