Retailers Take Notice: Automated Threats Cause 62% of Security Incidents

Retailers Take Notice: Automated Threats Cause 62% of Security Incidents

By Stefania Viscusi

Digital security solutions provider Imperva recently released its “The State of Security Within eCommerce 2022” report which found persistent security threats plaguing online retailers.

More specifically, automated threats -- from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and distributed denial of service (DDoS) attacks -- have been an ongoing and increasingly consistent challenge for the eCommerce industry. What’s worse, the potential for these attacks is threatening online sales and customer satisfaction levels and is leaving online retailers in a bad place for sales and future growth.

While in many industries, human error is blamed for security incidents, it’s a different story in eCommerce. The types of automated threats they’re seeing are not coming from human users, in fact, but bots and software applications that are dispersed with malicious intent to run automated tasks.

Right now, with the holiday shopping season already in full swing, online retailers must be especially vigilant about these attacks and risks. One of the most popular automated attacks happening during the holiday season is the aptly named Grinch bot, which uses software to hoard and scoop up high-demand items so consumers have a hard time finding them online.

“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” says Lynn Marks, Senior Product Manager, Imperva. “This industry faces a variety of security risks, the majority of which are automated and operate around the clock. Retailers need a unified approach to stop these persistent attacks, one that focuses on the protection of data and is equipped to mitigate attacks quickly without disrupting shoppers.”

Abuse of APIs is also becoming a common security risk for retailers. They are used to enable applications to share data and invoke digital services, but some of the traffic is directed to undocumented or Shadow APIs and become vulnerable during things like botnet flood with unwanted traffic is sent into vulnerable applications for an attack on customer data and payment information. The use of these methods is especially high during holiday seasons, when online shoppers are doing more buying than usual.

Malicious bots found on retail sites have grown from 23.4 percent last year to 31.1 percent in 2021.

Another automated threat, a distributed denial of service (DDoS) attack, attempts to disrupt critical business operations by flooding malicious traffic into the network or application infrastructure.

According to findings in Imperva’s report, DDoS attacks in 2022 are larger and stronger across all industries. Fifty-five percent of websites were hit by an application layer DDoS and 80 percent were hit by a network layer DDoS and attacked multiple times.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

ServiceNow Transforms the Employee Experience with Additions to Now Platform

By: Greg Tavarez    5/20/2024

ServiceNow announced the addition of new automation solutions to the Now Platform to transform the employee experience and simplify work across the en…

Read More

ICYMI: News Around the MSP Industry

By: Greg Tavarez    5/17/2024

Here are a few articles compiled into one for readers interested in developments around the MSP space.

Read More

Wildix UK and Ireland Shake Up Leadership for Growth and Innovation

By: Greg Tavarez    5/16/2024

Wildix announced a strategic leadership transition designed to propel the company's market growth.

Read More

Are Resellers Leaving Money on the Table?

By: Special Guest    5/16/2024

The expert and correct installation of network infrastructure and other components is crucial to every IT project's success, adding tangible value by …

Read More

Bitwarden's New Standalone App Makes Two-Factor Authentication Simple

By: Greg Tavarez    5/15/2024

Bitwarden recently launched a standalone app for two-factor authentication to protect online services and applications from unauthorized access.

Read More