Retailers Take Notice: Automated Threats Cause 62% of Security Incidents

By Stefania Viscusi

Digital security solutions provider Imperva recently released its “The State of Security Within eCommerce 2022” report, which found persistent security threats plaguing online retailers.

More specifically, automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- have been an ongoing and increasingly consistent challenge for the eCommerce industry. What’s worse, the potential for these attacks is threatening online sales and customer satisfaction levels and is leaving online retailers in a bad place for sales and future growth.

While human error is blamed for security incidents in many industries, it’s a different story in eCommerce. The automated threats retailers are seeing do not come from human users but from bots and software applications deployed with malicious intent to run automated tasks.

Right now, with the holiday shopping season already in full swing, online retailers must be especially vigilant about these attacks and risks. One of the most popular automated attacks happening during the holiday season is the aptly named Grinch bot, which uses software to hoard and scoop up high-demand items so consumers have a hard time finding them online.

“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”

Abuse of APIs is also becoming a common security risk for retailers. APIs enable applications to share data and invoke digital services, but some of that traffic is directed to undocumented, or shadow, APIs. These become vulnerable when, for example, a botnet floods vulnerable applications with unwanted traffic in an attack on customer data and payment information. The use of these methods is especially high during holiday seasons, when online shoppers are doing more buying than usual.

Malicious bots found on retail sites have grown from 23.4 percent last year to 31.1 percent in 2021.

Another automated threat, a distributed denial of service (DDoS) attack, attempts to disrupt critical business operations by flooding malicious traffic into the network or application infrastructure.

According to findings in Imperva’s report, DDoS attacks in 2022 are larger and stronger across all industries. Fifty-five percent of websites were hit by an application layer DDoS and 80 percent were hit by a network layer DDoS and attacked multiple times.

Edited by Erik Linask