A 12-month analysis by Imperva Threat Research of the security threats targeting retail finds that attacks on websites, applications and APIs throughout the calendar year, and in particular during the holiday shopping season, are a continuing business risk. The 2022 State of Security Within eCommerce report reveals that automated threats — including account takeover, credit card fraud, web scraping, API abuses, Grinch bots and distributed denial of service (DDoS) attacks — caused 62% of security incidents for online retailers. That’s more than twice the percentage of automated attacks observed across other industries.

The rise of automated cyberattacks

In the past year, nearly 40% of traffic on retailers’ websites came from bots: software applications, controlled by operators, that run automated tasks, often with malicious intent. Alongside the continued rise in bot traffic, the bots attacking retailers have grown more sophisticated, including a large increase in the percentage of attacks that hide their sources, which are harder to detect and stop. In fact, attacks targeting online retailers that originated from anonymity frameworks jumped from 3.5% to 32.9% over the past 12 months. In comparison, such attacks targeting other industries increased at a slower pace (from 1.6% to 13.6%).

Online retailers face higher security risks during the holiday shopping season. In 2021, “bad bot” traffic on ecommerce sites increased by 10% in October and another 34% in November. What’s more, Imperva estimates that a DDoS attack during Black Friday week can result in an average of 13 hours of site downtime.

Retailers, mind your APIs

Retailers also need to be mindful of protecting their APIs. In 2021, API attacks increased by 35% between September and October, then spiked another 22% in November. This trend suggests that bad actors increase attacks around the holiday shopping season, trying to use the API as a pathway for exfiltrating customer data and payment information.

It’s not too late for retailers to take a unified approach that can mitigate attacks without disrupting shoppers. Ecommerce teams can prepare their sites and protect their data against these automated attacks that operate around the clock. Strategies like stress-testing infrastructure and implementing bot management can make a difference in the fight against automated attacks.

