A new study developed by Distil Networks and the Online Trust Alliance revealed 95% of top websites across different verticals, including financial services, are no match against advanced persistent and damaging bots.

The survey found that while an average of 16% of websites across all industries can thwart simple bot attacks, only 5% properly protect against sophisticated attacks. In fact, the report found that of the websites tested, only 4% could detect evasive or advanced bots.

The ninth annual audit, powered in part by San Francisco-based bot detection and mitigation firm Distil, evaluated the top 1,000 websites in retail, banking, consumer services, government, news media, internet service providers and OTA members.

According to Distil, bots, used by competitors, hackers and fraudsters, are key culprits behind web scraping, account takeover, competitive data mining, online fraud, data theft, unauthorized vulnerability scans, spam, digital ad fraud, and downtime. Bots vary in volume and sophistication, but all place an increasing burden on IT security and global web infrastructure teams, wreaking havoc across big and small operations.

“While top websites do a better job protecting against simple bots, they continue to miss the mark in more sophisticated bots that can mimic human behavior,” Rami Essaid, CEO/co-founder of Distil Networks said. “Our annual Bad Bot Report found that 75% of today's bad bots are advanced persistent bots that can either load JavaScript, hold onto cookies, and load up external resources, or randomize their IP address, headers and user agents.”

Distil tested each website included in the OTA Online Trust Audit on its ability to defend against bot attacks of different sophistication levels, including:

  • Sophisticated Bots – “Low-and-slow” bots coming in from dozens of IP addresses, using browser automation tools that hold cookies and maintain state.
  • Moderate Bots – Contain normal browser user agents and headers, coming in slowly from one IP.
  • Simple Bots – Non-browser user agents and headers, coming in fast from one IP.
  • Crude Bots – Basic script that behaves like a bot, coming fast from one IP address.

The findings show that while most industries tested can adequately protect against crude bots, they struggle to effectively block simple, moderate, and sophisticated bots. Financial institutions are 85% successful against crude bots, 14% against simple, and 7% each against moderate and sophisticated bots.

Federal websites block 22% of simple bots, but only protect against 1% of sophisticated bots, performing below any other industry tested.

Despite poor performance, this year's findings reveal a noticeable improvement from Distil's 2016 study, which found that websites tested could protect against only 0.7 percent of sophisticated bots. Such improvement comes from the gradual movement toward greater awareness and adoption of more advanced bot detection and mitigation solutions.
