Thanks to the proliferation of the Internet of Things, the ability for bots to cause havoc at a global level has increased significantly.
IoT devices are susceptible to becoming part of a malicious botnet, and it’s possible for hackers to weaponise IoT devices to launch powerful DDoS attacks. As more devices are connected to the Internet, these types of attack pose an increased risk to not only the defences of an enterprise but also to a whole nation.
As such, 75% of organisations surveyed by the Neustar International Security Council (NISC) are concerned about bot traffic posing a threat to data security.
Besting the bad bots: how advanced persistent bots are attacking sites, and what to do about them
Security professionals perceived DDoS attacks to be the highest threat to their enterprise, 52% admitting to being on the receiving end of an attack. This was followed by system compromise, ransomware and financial theft.
“Fears around bot traffic and bot-powered DDoS attacks are extremely valid but by no means new,” said Rodney Joffe, Head of the NISC and Neustar Senior Vice President and Fellow. “Unfortunately, bot traffic makes up a large proportion of the Internet.”
Alarmingly, these fears persist even though the same number of enterprises already have bot traffic management solutions in place – implying a continuing gap between attack sophistication and organisational readiness.
Who’s afraid of the big, bad bot?
“It is key that organisations make sure incoming data is scrubbed in real-time, while also identifying patterns of good and bad traffic to help with filtering. While it is encouraging to see that more organisations are implementing bot traffic management solutions, it is imperative that businesses employ a holistic protection strategy across every layer for the best level of protection. Implementing a Web Application Firewall (WAF) is crucial for preventing bot-based volumetric attacks, as well as threats that target the application layer.”
For the study, the NISC interviewed 200 senior position holders such as CTOs. IT directors and security consultants across the EMEA region.