The Growing Threat Of Organized Bot Attacks Creates Opportunities For Service Providers
By Kirk Horton, Netacea
Despite the current state of the economy, MSPs still have a tremendous opportunity to grow their businesses by offering cybersecurity services to companies that do not have the right expertise in-house. Let’s face it, there has been a shortage of cybersecurity professionals for years. In fact, amidst a growing threat landscape and expanding attack vectors, there aren’t enough skilled workers to fill open positions with an estimated 2.7 million jobs left unfilled in 2021. Service providers can plug the gaps left by these unfilled positions, expanding their businesses into new vertical markets and new regions.
With the convergence of growing threats and a lack of trained security professionals to ward off cyber criminals, security may be one of the most “inflation-proof” IT niches — a good omen for channel companies. Gartner backs up the accelerated growth of the security market, predicting spending in the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026, a compound annual growth rate (CAGR) of 11%.
Building an effective cybersecurity defense initiative requires a variety of solutions that address everything from the endpoint to servers and beyond. One often overlooked and misunderstood niche is bot management and mitigation. There is good reason for confusion — while consumers think about bots in terms of those used on social media to sow misinformation, “bad bots” also target enterprises to scrape data and content or use stolen passwords to take over and sell user accounts, as in the case of streaming media services.
The Bot Threat Is Underestimated And Misunderstood
Bots are a relatively new threat to businesses and have grown more advanced and powerful in recent years. As a result, many organizations don’t have a good grasp on exactly how they are being targeted and what can be done to prevent these attacks. MSPs and their partners can provide companies with the guidance and expertise on the threats bots pose, and work with them to create a holistic security program that takes the potential for bot attacks seriously, protecting company websites, mobile apps, and APIs.
Our recent research highlights the misconceptions about bot attacks, but also exposed the fact that many bot attacks are going undiscovered for as long as 16 weeks, and all types of attacks are on the increase. Companies are finding it hard to stay one step ahead, using a “whack-a-mole” defense as bot operators shift their tactics to avoid detection, attacking APIs and mobile apps as well as websites. Other report findings include:
- Attacks from each of the main types of bots — sniper, account checker, scalper, and scraper — have all increased by between 7-9% from our previous report published in 2021. In fact, 53% of businesses now detect attacks from account checker bots.
- Bot operators are staying one step ahead of companies by changing tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps (up from 46% and 23% in 2021, respectively).
The report also revealed that businesses often hold basic misconceptions about bots that could lead to weakness when it comes to building a decent defense. Just a few of these myths include:
- DDoS protection is an effective defense against bots — In reality, DDoS protection only protects against DDoS attacks, not bot attacks. The birth of this myth could be since DDoS attacks are launched using a network of compromised devices, also known as a botnet. However, this is very different from a bot attack, and DDoS protection is ineffective against sophisticated bot attacks that seek to exploit business logic.
- Russia and China are responsible for most bot attacks — While it’s true that Russia and China are responsible for some bot attacks, it’s close to just one-third of all threats. Approximately 50% of organizations detected threats from the U.S., and U.K., with many from throughout Europe.
- All bots originate on the dark web — This was true at one time, but it’s no longer the case. Bot operators seeking to expand their operations by selling their bots “as a service” to bad actors are now using the “clear web.” Increasingly we see not just bots, but data dumps of usernames and passwords made available on the web and accessible to anyone.
Global cyberattacks continue to grow at a rapid pace, with Cybersecurity Ventures expecting costs due to cybercrime to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. The proliferation of bot attacks only compounds organizations’ security challenges. MSPs and channel companies can help their customers better understand bot threats, educating them on the required ingredients for successful security and bot mitigation programs. As bots grow in popularity, service providers can close the security skills gap, opening the door to new business opportunities.
About The Author
Kirk Horton is an industry veteran and executive leader with over 20 years of experience in sales and channel leadership. He is currently leading and building Netacea’s world-class partner organization. His previous experience includes executive positions at enterprises such as Akamai, IPR International, QTS Realty Trust, Nautilus Data Technologies, Telx, Cable & Wireless, Digital Island, and Sandpiper Networks.