Specialized third-party solutions are proving notably effective in helping businesses tackle malicious bots, account takeover (ATO) attacks, and third-party script threats. That’s according to a new survey of IT and security professionals by security vendor Akamai in collaboration with Foundry (CSO is a Foundry brand). The pair surveyed more than 300 global IT and security decision-makers about the solutions they use for preventing fraud and abuse, with those implementing dedicated third-party offerings seemingly benefitting from significant, quantifiable improvements in their ability to mitigate risks.
Bot-dedicated solutions deliver traffic management, security control benefits
Malicious bots pose significant security threats to organizations and are often used to scrape content from websites, launch credential-stuffing campaigns, or overwhelm applications and websites with distributed denial-of-service (DDoS) attacks. Bot operators are also constantly evolving their tactics and techniques to evade detection. According to a 2022 Forrester report, over a quarter of all internet traffic comes from “bad bots” that consume resources and overwhelm websites.
Three-quarters of the IT and security professionals Akamai surveyed experienced malicious bot attacks in the last 12 months. Almost nine out of 10 (89%) respondents said they use third-party or a combination of third-party and in-house solutions to combat malicious bots, countermeasures especially common in the US (96%) and Europe (93%), according to the report. Almost all (97%) reported an improvement in their efforts to combat bots, with 54% of those using third-party solutions stating that their cybersecurity capabilities have improved significantly. Of those who saw significant improvement, the ability to handle high heat events and surges in traffic (47%) and to balance security controls with performance optimization (41%) were among the top capabilities/gains most frequently cited.
Businesses with specialized ATO defenses cite detection, visibility, notification gains
ATO attacks are a threat to organizations across verticals, particularly for businesses that have large numbers of inactive and non-maintained accounts. Cybercriminals use a variety of techniques to commandeer legitimate accounts, with fraudsters adept at using information stolen from forgotten or otherwise non-upheld accounts. Identity sprawl can also trigger ATO risks, predominantly if employees reuse (or only slightly alter) passwords or do not perform security reviews. Successful ATO attacks can destroy customer trust and seriously damage a brand’s reputation. They also consume already strained security resources.
More than three-quarters (79%) of respondents said their business had been targeted by ATO attacks in the last 12 months. Most said their companies had ATO-specific countermeasures in place, either using a third-party solution (83%) or a combination of in-house and third-party solutions (64%). Europe (95%) and the US (93%) are the two regions with the highest use of specialized solutions. Two-thirds of respondents said that their cybersecurity capabilities had significantly improved since deploying specialized ATO defenses, while 31% said they had somewhat improved.
The most frequently reported gains by those who saw significant improvement were the ability to detect fraudulent or suspicious activity (44%), visibility into indicators of account compromise (41%), and detection of fraudulent or suspicious logins (39%). Respondents also cited notable improvement in the time it takes to be notified of suspicious activity since implementing specialized ATO prevention solutions, which has been cut by up to 34%, according to the report.