Report: 62% of retailers’ cybersecurity incidents come from automated threats

Check out all the on-demand sessions from the Intelligent Security Summit here.

A 12-month analysis by Imperva Threat Research of the security threats targeting retail finds that attacks on websites, applications and APIs throughout the calendar year, and especially during the Christmas shopping season, are a persistent business risk. 2022 State of Security in e-commerce the report reveals that automated threats – including account takeover, credit card fraud, web scraping, API abuse, Grinch bots and distributed denial of service (DDoS) attacks – caused 62% of security incidents for online retailers. That is more than double the percentage of automated attacks observed in other industries.

The rise of automated cyber attacks

In the past year, nearly 40% of traffic on retailers’ websites came from bots, software applications controlled by operators that run automated tasks, often with malicious intent. Alongside the continued increase in bot traffic, there is more sophistication in the bots attacking retailers, including a large increase in the percentage of attacks with hidden sources, which are harder to detect and stop. In fact, attacks targeting online stores originating from anonymity frameworks have jumped from 3.5% to 32.9% over the past 12 months. In comparison, such attacks targeting other industries increased at a slower pace (from 1.6% to 13.6%).

Image source: Imperva

Online retailers face higher security risks during the holiday shopping season. In 2021, “bad bot” traffic on ecommerce sites increased by 10% in October and another 34% in November. Also, Imperva estimates that a DDoS attack during Black Friday week could result in an average of 13 hours of site downtime.

Retailers, watch your APIs

Retailers also need to be mindful of protecting their APIs. In 2021, API attacks increased by 35% between September and October, and then increased by another 22% in November. This trend suggests that bad actors increase their attacks around the Christmas shopping season, trying to use the API as a route to exfiltrate customer data and payment information.


Intelligent Security Summit On-Demand

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Watch sessions on demand today.

Look here

It’s not too late for retailers to take a unified approach that can mitigate attacks without disrupting customers. E-commerce teams can prepare their sites and protect their data against these automated attacks that operate around the clock. Strategies such as stress testing infrastructure and implementing bot management can make a difference in the fight against automated attacks.

Read the full report from Imperva.

VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge about transformative business technology and transactions. Discover our orientations.

Leave a Reply

Your email address will not be published. Required fields are marked *