For e-merchants, end-of-year celebrations are synonymous with booming business. Indeed, this period – opened with “Black Friday” and “Cyber Monday” – often represents a real gold mine. However, the cyber threat can present a significant risk. If an incident hampers sales during these busy weeks, the business can collapse. The danger has a name: bots.
By Jim Downey, Senior Product Marketing Manager chez F5
Bots are software or scripts that perform automated, repetitive tasks. They are all over the web. We think so up to 50% of Internet traffic is made up of non-human visits. While some bots are good for businesses (for example, crawler bots), bad bots cause significant financial damage to e-commerce businesses: they slow down website and application performance, take possession of assets, accumulate inventory, and take over of accounts by stuffing credentials, leading to fraud and identity theft.
According to the report Cyberthreat trends during the 2022 holiday season published by the Retail and Hospitality Information Sharing and Analysis Center (ISAC), “The holiday season is the busiest time of year for consumers and cybersecurity professionals dealing with persistent threats. Beginning in early October and continuing through the end of December, cyberthreats targeting businesses grow in both scale and intensity to keep pace with increased consumer traffic. »
READ ALSO:
news"/>
Secu
After sprinklers watered, hackers hacked
What impact can bots have on vacation revenue?
Bot attacks are multifaceted and can harm sales, operations, and customer relationships in a variety of ways. Anticipating how bots can compromise your apps with sophisticated automated attacks and understanding how to mitigate them can help your business meet holiday revenue forecasts.
Content scraping
The content scraping involved the use of automated bots to harvest large amounts of content from targeted applications for analysis, reuse or sale elsewhere. While content scraping has legitimate uses (for example, online travel aggregators check airline websites for information about airfares), it can also be used for illegal purposes, including price manipulation by competitors and the theft of copyrighted content. Additionally, high volumes of scraping can affect site performance and cause outages, preventing legitimate users from accessing the site.
The impact of scraping can be especially damaging during times of high business activity, when your e-site is already in demand from potential customers. Competing companies may be more motivated to pull up-to-date pricing data from your site to adjust quickly. This extra traffic can cause your site to crash or slow down and not respond to the needs of your customers. With online shopping, performance is key as competitors are just a click away.
Stock accumulation
Inventory management is also sometimes difficult to manage in this period of heavy buying and merchants face particularly difficult challenges in this period where the supply chain is potentially more targeted by cyber risk. Inventory hoarding bots can complicate logistics by putting large numbers of products on hold, removing them from inventory, and preventing actual customers from making purchases. Continuous inventory hoarding and other forms of bot manipulation risk deterring shoppers and threatening customer loyalty and brand reputation, not to mention impacting sales when consumers shop elsewhere.
READ ALSO:
news"/>
Secu
The Anssi opens a service to help public services become safe and greets its general manager.
Resale/price gouging
Sellers who offer limited-time offers run the risk of retailer bots instantly completing the online checkout and payment process to purchase goods in bulk as soon as they go on sale. They then resell these items on secondary markets by a large margin.
Storage and shopping bots allow criminals to control valuable inventory and price levels, leading to artificial shortages, inventory denial and consumer frustration.
Credential stuffing
The credential stuffing It’s another bot tactic that can hurt your holiday purchases and income. Knowing that many users reuse their passwords from one application to another, attackers test a large amount of compromised information to gain control of accounts and commit fraud. The holiday season is a great opportunity for criminals to pull off these exploits – they take advantage of the heavy workload on cybersecurity teams, because they know it will take longer for companies to detect fraud.
In fact, even when bots fail to take over accounts, they often cause accounts to be locked out by repeatedly attempting incorrect passwords, forcing customers to go through a forgot password process or call customer service. When a shopper has a cart full of Christmas gifts, it’s a bad time to tell them their account has been blocked.
READ ALSO:
news"/>
Secu
Cyber-resilience: a new AFNOR guide available for free consultation
Don’t try to fight the bots by imposing friction on customers.
While mitigating the impact of bots is essential to meeting your holiday income goals, some methods of battling bots are effective and others are not. Some classic bot defenses that complicate the buying process and make it more annoying can be just as bad for shoppers as the exploits they try to prevent. When shoppers are ready to make a purchase, do you really want to annoy them with CAPTCHA puzzles or force them to sign up for MFA? Knowing your competitors are just a click away, any obstacle can impact your conversion rates.
Bottom line, when you think about bots and vacations, remember that bad bots take a heavy toll on already busy security teams and customer support teams dealing with angry customers whose accounts have been blocked. IT security teams work long hours throughout the season trying to stop bots before they can hurt your revenue and customer experience. Proper bot neutralization can bring some relief to frontline employees. We wish you great sales and end-of-year celebrations, bot-free.
READ ALSO:
Secu
The requirement for digital trust goes far beyond cyber security
