Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
Gary Sevounts, Chief Marketing Officer, Kount
Gary Sevounts, Chief Marketing Officer, Kount
Sponsored Article

The $500,000 Cost of Not Detecting Good vs. Bad Bot Behavior

Bot attacks caused financial harm to 80% of eCommerce businesses, according to new research. Read more results, and how bot protection is evolving in response

Bots are a permanent part of the internet. Good, questionable, or malicious bot activity makes up a substantial amount of internet traffic. And bots can perform a variety of both critical and criminal operations. Businesses that can tell the difference – block bad bots and allow good bots – can improve customer experiences. But it’s no easy task.

The recent 2020 Bot Landscape and Impact Report is based on a survey of more than 250 companies engaged in eCommerce. 88% of leaders in business, cybersecurity, and IT reported that complex, sophisticated attacks are more difficult to detect. And existing solutions aren’t working against these emerging attacks.

That poses a major problem, because attacks have become more frequent and costly:

  • 81% often or very often deal with issues related to malicious bots.
  • More than half encountered over 50 bot attacks in the last 12 months.
  • 80% reported an increase in financial loss caused by sophisticated bot attacks.
  • 1 in 4 said a single bot attack cost at least $500,000 in the past year.
  • 2 in 3 say a single attack cost $100,000 or more.


Why good, malicious, and questionable bots complicate protection

It’s not enough to simply prevent bot traffic, although even that is not as easy as it sounds. Complex bots can closely mimic human behavior. And bot traffic, both good and malicious, occurs throughout the eCommerce customer journey, including:

  • Account creation
  • Login
  • Point redemption
  • Product selection
  • Checkout
  • Payment

Good bots

Blunt tools that turn away bot traffic can also prevent good bots — and 96% of companies depend on good bots. These bots include search engine and SEO tools, virtual assistants, and chatbots. And they help businesses to optimize operations and enhance the eCommerce journey. 

Malicious bots

Malicious bots can cause damage at any point in business operations. Sophisticated bots can take down infrastructure, freeze inventory, and reduce productivity. And they can steal customer information for financial gain or disrupt the customer experience to cause severe brand damage.

  • Some of the most common attacks are:
  • Brute force or credential stuffing attacks that take over customer accounts
  • Card testing to identify usable stolen credit cards
  • Price or content scraping for a competitive advantage
  • Social campaigns designed to mislead or inflame users
  • Distributed denial of service (DDoS) to disrupt or take down a website or digital service

Questionable bots

Business goals or department perspectives determine if a questionable bot is good, bad, or neutral. For example, scraper bots/web scrapers collect content from websites. They may capture product reviews, breaking news, pricing information and catalogs, user-generated content on community forums, and so on. For some businesses, this activity can promote products on multiple sites frequented by high-value customers. For others, it diverts visitors to a third-party website which reduces advertising and upsell opportunities or hurts the customer experience.

Consequences of bot attacks

Malicious bot attacks can carry major consequences. Crashed websites, compromised customer information, fake accounts, or frozen inventory come with high costs – not all financial. 59% of businesses have lost partners due to bot issues. And 41% report diminished brand reputation.

The evolution of bot detection

Today, digital businesses need to detect bots that penetrate further into the eCommerce operations. While web application firewalls (WAFs) and content delivery networks (CDNs) can defend the perimeter, they can’t identify and manage sophisticated bots within the customer journey. Businesses are urgently seeking tools that can detect and manage different bot types, but don’t disrupt customer experiences.

Why aren’t WAFs and CDNs enough? Three generations of bot detection illustrate the problem:

  • The first generation of bot detection solutions defended the perimeter; they prevented websites or systems from melting down when overwhelmed by requests. WAFs and CDNs were able to stop distributed denial of service (DDoS) and other brute force attacks. Eventually, malicious bots began dodging WAFs to penetrate deeper into an organization’s processes to cause financial harm.
  • In response, the second generation of bot detection moved to the cloud to better detect bots and protect against different aspects of digital commerce fraud. Rather than an exclusive problem for infosec, departments responsible for customer experience began looking for tools beyond WAFs.
  • The new generation in bot detection is event-based protection. Tools can’t always differentiate between humans and the human-like actions of sophisticated bots. But modern solutions embed protection into the business workflow. They compare network, device, and behavioral characteristics with identity trust signals to assess risk in real time. In this way, event-based solutions protect the complete customer journey – from account creation and login to payment and checkout.

Kount’s next-generation, Event-Based Bot Detection applies a layered approach to accurately identify and segment good, malicious, and questionable bots. Kount links network, device, and behavioral characteristics to billions of trust and risk signals in order to assess risk in real time, and in the context of the attack. Businesses gain fine-tuned control over bots throughout the digital journey.

About the Author

Gary Sevounts is the Chief Marketing Officer at Kount. Sevounts has more than 20 years of enterprise technology experience as a seasoned marketer, industry thought leader and spokesperson in security, data protection and fraud prevention. Prior to joining Kount, he served as CMO of Aryaka Networks. Sevounts has spearheaded direction and development for some of the security industry’s most successful brands including Symantec, Panda Security, and Hewlett-Packard.


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/24/2020 | 10:44:45 PM
Great Article
Great article, Gary. I always enjoy reading about thiings I don't really think about and suddenly realize that I should as a result of having read it! 😎 Best to you and your family -- stay safe & be well... Michael
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.