Check Out All The Smart Security Summit On-Demand Sessions Here.
Imperva Threat Research’s 12-Month Analysis of Retail Security Threats Reveals Attacks on Websites, Apps, and APIs Throughout the Calendar Year, and Particularly During the Holiday Season , constitute an ongoing business risk. The state of e-commerce security in 2022 Report finds that automated threats – including account takeover, credit card fraud, web scraping, API abuse, Grinch bots and distributed denial of service (DDoS) attacks – have caused 62% of security incidents for online retailers. This is more than double the percentage of automated attacks seen in other industries.
The rise of automated cyberattacks
Over the past year, nearly 40% of traffic to retailer websites came from bots, operator-controlled software applications that perform automated tasks, often with malicious intent. Along with the continued increase in bot traffic, there is more sophistication in the bots attacking retailers, including a sharp increase in the percentage of attacks with their hidden sources, which are harder to detect and stop. In fact, attacks targeting online retailers from anonymity executives have increased from 3.5% to 32.9% over the past 12 months. In comparison, those attacks targeting other industries grew at a slower rate (from 1.6% to 13.6%).
Online retailers face higher security risks during the holiday shopping season. In 2021, bad bot traffic on e-commerce sites increased by 10% in October and another 34% in November. Additionally, Imperva estimates that a DDoS attack during the week of Black Friday can result in an average of 13 hours of site downtime.
Retailers, be careful with your APIs
Retailers should also take care to protect their APIs. In 2021, API attacks increased by 35% between September and October, then increased again by 22% in November. This trend suggests that malicious actors are ramping up attacks during the holiday shopping season, trying to use the API as an exfiltration route for customer data and payment information.
On-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
It’s not too late for retailers to adopt a unified approach that can mitigate attacks without disrupting shoppers. E-commerce teams can prepare their sites and protect their data against these automated attacks that operate around the clock. Strategies such as stress testing infrastructure and implementing bot management can make the difference in combating automated attacks.
Read Imperva’s full report.
VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Discover our Briefings.