Undiscovered Bot Attacks and $226 Billion in Cybersecurity Spending
Highlighting Netacea and Juniper Reports
By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses, news items and reports that provide a glimpse as to what could, or potentially, impact credit unions and other organizations in the financial services industry.
Here we look at two United Kingdom (UK) based companies offering up studies of global cybersecurity efforts.
Bot Attacks Go Undiscovered for Average of 16 Weeks
Manchester-based, Netacea just released its new report, The Bot Management Review 2022 on how businesses are dealing with bot attacks, which are going undiscovered for an average of 16 weeks, up two weeks from 2021’s findings.
The study, which surveyed 440 businesses across the financial services, travel, entertainment, ecommerce, and telecoms sectors in the United States and the UK, found that in almost every measure, businesses appear to be doing worse than last year in the fight against bots — though this may not necessarily mean they are losing the fight.
As well as the finding that bot attacks are going undiscovered for longer, the research also found:
· Bot owners are shifting their tactics, with 60% of businesses detecting attacks on application programming interfaces (APIs) and 39% detecting attacks on mobile apps (up from 46% and 23% from 2021, respectively).
· Attacks from each of the main types of bots—sniper, account checker, scalper and scraper — have all increased by 7-9 percentage points from 2021. Fifty-three percent of businesses have detected attacks from account checker bots, which takes lists of leaked username and password pairs and tests them against a website.
· Almost all businesses, approximately 97%, report bot attacks affect customer satisfaction.
· Retailers in the U.S. are reporting fewer loyalty points stolen by automated attacks, but the value of the average theft has more than doubled, suggesting a more targeted approach.
· The revenue impact of skewed web analytics, caused by bots treated as genuine visitors, increased from 4% to 5%, though fewer businesses report a substantial impact from this particular effect of bot attacks.
“On the face of it, this looks like a very poor result for businesses hoping to fight the effect of bot attacks. Our research has shown that bots have a substantial effect on business revenues, and so it is in their interest for our results to move the other direction,” said Andy Still, chief product officer (CPO) and co-founder, Netacea.
Still added, “Businesses are taking time to wake up to the threat of bots, and we see at least part of this increase in bot attacks being down to a greater awareness. Businesses are getting better at recognizing bot attacks, and so while it may look like things are getting worse, there is some cause for cheer.”
The report also found less incorrect assumptions about bot attacks than in previous years. Fewer businesses, for example, believe that all bot attacks emanate from Russia and China, that a Web Application Firewall will stop sophisticated bots, and that ReCAPTCHA is an effective tool against all bots. However, more than 50% of businesses still believe these myths, according to Netacea, suggesting there is still some way to go.
“Businesses may be beginning to turn the tide against bot attacks, but if so, it really is just the beginning,” said Matthew Gracey McMinn, head of threat research, Netacea. He pointed out the most damning result of Netacea’s research shows bots can essentially run wild for months before detection. “Better understanding is vital, but just the first step.”
Enterprise Cybersecurity Spending to Exceed $226 Billion Globally by 2027
Another UK firm, Hampshire, UK-based Juniper Research has found the value of enterprise cybersecurity spending will exceed $226 billion worldwide in 2027; up from $179 billion in 2022. This growth of 26% over the next five years reflects the increasing maturity of the cybersecurity market, which continues to evolve as new threats emerge.
The report, Cybersecurity: Key Trends, Competitor Leaderboard and Market Forecasts 2022-2027, identified a rising awareness of vulnerabilities, alongside emerging threats, including ransomware and distributed denial of service (DDoS) as key drivers behind the increasing spend.
The new research found the implementation of remote working and cloud computing by businesses, from small to multinational, increasing attack vectors available to cybercriminals. The report identified machine learning within cybersecurity solutions and improving response times as key requirements in combatting evolving tactics of cybercriminals.
The report suggested cybersecurity providers must form strategic partnerships with smaller, specialized cybersecurity vendors to acquire new data sources and point solutions, and offer services, such as unified threat management, in order to maintain relevance in this highly competitive market.
Juniper Research’s Competitor Leaderboard identified the five leading market cybersecurity vendors as:
1. Amazon Web Services (AWS)
“Cloud computing has been transformative for businesses, so it is no surprise that two of the biggest cloud computing vendors, AWS and IBM, also lead in the cybersecurity space.” Research co-author Damla Sat explained. She added, “For cloud vendors, effective cybersecurity is a basic requirement – by offering in house cybersecurity solutions, AWS and IBM are capitalizing on their existing large user bases; acquiring businesses and capabilities as needed to enhance their product offerings.”