Keeping up with automated threats is becoming harder

98% of organizations attacked by bots in the past year lost revenue as a result, according to Kasada. Web scraping (web crawling) is a significant threat followed closely by account fraud, with more than one third of IT/IS specialists reporting their organizations experienced over 5% revenue loss due to each.

Source: Kasada

Traditional bot mitigation solutions are falling short

Kasada’s report surveyed security and technology professionals at companies already using bot management, of which 67% are currently using CDN-based bot detection. 30% say their organization has spent $1,000,000 or more on mitigating bot attacks over the past year.

Despite these expenditures, traditional bot mitigation solutions are failing. Just 1 in 5 say that after initial deployment, their bot mitigation solution(s) retained effectiveness for more than 12 months. So, it’s not surprising that 79% say they are likely to switch bot mitigation providers based on their detection and efficacy.

Organizations are still allocating a majority of their bot management budget (63%) to ongoing management and remediation vs. the cost of their bot management solution itself (37%). Allocating a significant portion of the bot management budget to ongoing maintenance and remediation indicates a reactive approach to bot attacks.

“Financially-motivated adversaries are circumventing traditional bot defenses more quickly than many can adapt,” said Sam Crowther, CEO of Kasada. “To add to injury, new technologies, like AI, are lowering the barrier to entry for attackers—increasing the number of automated threats that organizations are facing. Companies need a bot mitigation approach that is as dynamic as the adversary—quick to evolve, difficult to evade, and invisible for customers.”

Leaders are worried about AI-fueled fraud

87% of IT/IS specialists say their executive team is concerned about bot attacks and AI-driven fraud. Many IT/IS specialists are concerned about AI fueling more complex and more frequent bot attacks.

The following AI-driven security threat scenarios are the most concerning:

• Generative AI enabling criminal attackers to pull off complex attacks with more ease.
• Sophisticated bots’ developing the ability to easily bypass CAPTCHAs.
• Increased frequency of advanced attacks that could cause a major disruption to their organization.

57% of IT/IS specialists say sophisticated bots developing the ability to easily bypass CAPTCHAs is a major concern. 73% say they believe the customer experience on websites would be improved by the elimination of CAPTCHAs.

37% of IT/IS specialists report their organization has lost more than 5% of revenue as a result of web scraping. 34% report their organization has lost more than 5% of revenue due to account fraud, and 26% report their organization has lost more than 5% of revenue due to SMS pumping / toll fraud.