New Report: Big Breaches Breed Bad Bots

December 8, 2018


By now we’ve all seen the news on the recent Marriott breach. Yup, it was a big one. But there have been many other significant breaches in 2018, including Facebook, Quora, Panera, and the list goes on. Those breaches grab the headlines for just a few days, but they have a long tail that continues to impact other organizations for years to come. Specifically, these big breaches breed bad bots – automated attacks that leverage previously stolen credentials to target the external-facing apps of other unsuspecting organizations.

To learn more about the impact of never-ending, post-breach bot attacks, we commissioned Osterman Research to dig deeper. They gathered data from 211 large enterprises across the US to learn more about their experiences with bots, as well as their attack defense strategies. The results have been published in a new report. You can access the Osterman Research report here. But here are a few interesting nuggets:

  • 100% of these organizations have been victims of bot attacks
  • They experience more than 500 bot attacks each day
  • Attacks target web/mobile apps and APIs deployed on premises and in the cloud
  • Greatest damage is from account takeover, app DDoS, and API abuse attacks
  • 91% rely on web application firewalls for defense (clearly, they’re not working well)
  • Average bot attack detection/mitigation time exceeds 200 hours
  • Cost for each IT security team to deal with attacks exceeds $175,000/year

As long as there are data breaches, there will be secondary bot attacks. And they will continue to become more targeted, sophisticated, and dangerous to today’s hyper-connected organizations.

Traditional best practices have proven to be ineffective. The companies involved in this research understand that, and have expressed a need for more advanced, automated solutions that can:

  1. Accelerate detection and mitigation of bot attacks, and
  2. Improve the operational efficiency of their security teams.

Fortunately, we’ve been able to address both items on their wish list with the Cequence Application Security Platform (ASP) and the Bot Defense module.

Michael Osterman, CEO of Osterman Research, will share more details on this research during a live webinar on January 30. If you download the report now, we’ll reach out after the new year and invite you to the webinar as well.


About the Author

Franklyn Jones

