97 Percent of Top Websites Lack Bot Protection
Bots are everywhere these digital days - and they aren't always used for good.
An enterprise's competitors, as well as hackers/fraudsters are scraping your Web content, engaging in brute force attacks, competitive data mining, perpetuating fraud, hijacking accounts, stealing data and causing downtime. While they vary in volume and sophistication, bots put an increasing burden on IT security and Web infrastructure teams and essentially wreak havoc in every conceivable way within online operations big and small.
Bot detection and mitigation solution Distil Networks released a study evaluating how many of the top websites performed when attacked by different types of bots.
The data was revealed as one component of the Online Trust Alliance's (OTA) Online Trust Audit, the Audit and Honor Roll, which recognizes excellence in the adoption of best practices in consumer protection, security and responsible privacy practices. The audit evaluated the top websites in retail, financial services, consumer services, OTA members, news and media, and even some U.S. government agencies. The data revealed a record 50 percent of sites qualified for the Honor Roll, up from 30 percent just two years ago. At the same time, the audit identified concerning gaps in site security and data privacy practices.
Distil Networks tested each of the 1,000 websites included in the Online Trust Audit on their ability to defend against bot attacks of different sophistication levels, including browser automation bots (Advanced), hidden legitimate browser bots (Evasive), bots lacking well-formed Web browsers (Simple), and bots acting as bots (Crude). The more sophisticated the bot, the worse IT departments are at detection.
"Bots, especially Advanced Persistent Bots (APBs) are evolving in sophistication because of their polymorphic nature and quick deployment to access sensitive information and reap monetary benefits. Our 2016 Bad Bot Landscape Report found over 88 percent of all bad bot traffic last year was made up of APBs -- bots that mimic human behavior," said Rami Essaid, CEO and co-founder of Distil Networks. "OTA's Trust Audit continues to set the bar for best practices, including evaluation of bot risk. We support OTA's efforts to promote best practices in the industry and are troubled to find that most companies are failing to keep their defenses up to the sophistication level of today's advanced and evasive bots. This is concerning, as bots can easily paralyze website infrastructure, pirate entire online directories and destroy a company's competitive advantage."