New Report: Big Breaches Breed Bad Bots

December 8, 2018 | by Franklyn Jones

By now we’ve all seen the news on the recent Marriott breach. Yup, it was a big one. But there have been many other significant breaches in 2018, including Facebook, Quora, Panera, and the list goes on. Those breaches grab the headlines for just a few days, but they have a long tail that continues to impact other organizations for years to come. Specifically, these big breaches breed bad bots – automated attacks that leverage previously stolen credentials to target the external-facing apps of other unsuspecting organizations.

To learn more about the impact of never-ending, post-breach bot attacks, we commissioned Osterman Research to dig deeper. They gathered data from 211 large enterprises across the US to learn more about their experiences with bots, as well as their attack defense strategies. The results have been published in a new report. You can access the Osterman Research report here. But here are a few interesting nuggets:

  • 100% of these organizations have been victims of bot attacks
  • They experience more than 500 bot attacks each day
  • Attacks target web/mobile apps and APIs deployed on premises and in the cloud
  • Greatest damage is from account takeover, app DDoS, and API abuse attacks
  • 91% rely on web application firewalls for defense (clearly, they’re not working well)
  • Average bot attack detection/mitigation time exceeds 200 hours
  • Cost for each IT security team to deal with attacks exceeds $175,000/year

As long as there are data breaches, there will be secondary bot attacks. And they will continue to become more targeted, sophisticated, and dangerous to today’s hyper-connected organizations.

Traditional best practices have proven to be ineffective. The companies involved in this research understand that, and have expressed a need for more advanced, automated solutions that can:

  1. Accelerate detection and mitigation of bot attacks, and
  2. Improve the operational efficiency of their security teams.

Fortunately, we’ve been able to address both items on their wish list with the Cequence Application Security Platform (ASP) and the API Spartan module.

Michael Osterman, CEO of Osterman Research, will share more details on this research during a live webinar on January 30. If you download the report now, we’ll reach out after the new year and invite you to the webinar as well.
