
PodChats for FutureCISO: Battling the darker side of bots

by Allan Tan
July 15, 2022

One of the innovations of the internet is the introduction of software robots or bots that allow repetitive tasks to be performed routinely without human intervention. But like many other technologies, a good thing can sometimes be turned to do bad things.

According to the 2022 Imperva Bad Bot Report, bad bots accounted for a record-setting 27.7% of all global website traffic in 2021, up from 25.6% in 2020. The three most common bot attacks were account takeover (ATO), content or price scraping, and scalping to obtain limited-availability items.

The very real threats of bad bots

Garrett O'Hara, field chief technology officer (CTO) for APAC at Mimecast, says bots are particularly dangerous because of the scale at which they can act. The huge volume of traffic they generate and the activities they are involved in have significant impacts on businesses.

“There are loads of nefarious activity happening from bad bots across things like account takeovers, identity fraud, and automated fraud. The impact can be significant for organisations and ultimately affect citizens of many countries, then consumers, and then the employees of many companies,” he continued.

How bots have evolved since the pandemic

Recalling how the early days of the COVID-19 pandemic forced businesses, governments, and consumers to go digital very quickly, O’Hara observed that hackers leveraged this and targeted shopping and services sites.

“Bad bots benefit from the evolution of technologies such as artificial intelligence (AI) and machine learning (ML) to allow very good mimicry of human behaviour in their attacks, resulting in more successful and profitable attacks,” he added.

In response to the increased sophistication of attacks, he cited countermeasures by banking organisations like looking at biometric signals and signatures of typing on a keyboard.

“The rate of typing by bots will be consistent because it's programmed to type certain letters. Whereas humans don't space their keystrokes perfectly,” he explained.

Technology is blind to usage

AI has found its way into use cases like chatbots and self-service to mimic how humans like to communicate. The same techniques have also been applied in the fight against bad bots. However, it is here that things may have gone awry.

As it turns out, hackers are using the very same techniques and technology to try and foil attempts to identify and stop bad bots from achieving their purpose (read the 2022 Imperva Bad Bot Report).

O’Hara explains that some attackers are using the same approaches to introduce randomised keystrokes, randomised mouse movement, or delays before clicking on a button.
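The keystroke-timing signal described above can be sketched as follows. This is an added example, not code from the article or from Mimecast: the function names, thresholds and sample timings are constructed assumptions, and the skewness check assumes that human typing includes occasional long pauses that evenly randomised delays lack.

```javascript
// Added example: score typing cadence from keydown timestamps (milliseconds).
// Thresholds are illustrative assumptions, not values from the article.

// Inter-key intervals from an ordered list of keydown timestamps.
function intervals(timestamps) {
  return timestamps.slice(1).map((t, i) => t - timestamps[i]);
}

function mean(xs) {
  return xs.reduce((a, b) => a + b, 0) / xs.length;
}

// Coefficient of variation (spread relative to mean) and skewness (long-pause tail).
function cadenceStats(timestamps) {
  const d = intervals(timestamps);
  const m = mean(d);
  const sd = Math.sqrt(mean(d.map((x) => (x - m) ** 2)));
  const skew = sd === 0 ? 0 : mean(d.map((x) => ((x - m) / sd) ** 3));
  return { n: d.length, cv: m === 0 ? 0 : sd / m, skew };
}

function classifyCadence(timestamps, { minKeys = 12, minCv = 0.15, minSkew = 0.5 } = {}) {
  if (timestamps.length < minKeys) return "insufficient-data";
  const { cv, skew } = cadenceStats(timestamps);
  if (cv < minCv) return "suspicious-constant";             // evenly spaced keystrokes
  if (skew < minSkew) return "suspicious-symmetric-jitter"; // varied, but no long pauses
  return "human-like";
}

// Helper: build timestamps from a list of intervals.
function fromIntervals(ds) {
  const out = [0];
  for (const d of ds) out.push(out[out.length - 1] + d);
  return out;
}

// Constructed sample sessions (not captured data).
const scripted = Array.from({ length: 16 }, (_, i) => i * 80);
const jittered = fromIntervals([90, 150, 110, 130, 100, 140, 120, 95, 145, 105, 135, 115, 125, 85, 155]);
const human = fromIntervals([110, 95, 140, 180, 90, 120, 650, 105, 130, 85, 160, 100, 420, 115, 95]);

console.log(classifyCadence(scripted), classifyCadence(jittered), classifyCadence(human));
```

A result like this is best treated as one input to a risk score rather than a reason to block outright, since short or unusual sessions from real users can also look regular.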

“What you're fighting against programmatically is a bot attaching itself to a website and trying to undertake a transaction or to scrape some data. Often what's being used is a headless browser (not a normal browser). It doesn't have a user interface. It doesn't show the web page, but it knows how to interact and mimic JavaScript and mimic the interactions that a human would have with a website.”

Garrett O'Hara

“What you need is something that's going to be able to look (detect) at that,” he elaborated.

Mitigate the risks of bad bots

Given that hackers are using the very same techniques and technologies built to thwart their efforts, how does one fight escalating warfare – one where the threats and rewards are real for both sides?

O’Hara offers several options, including the use of dedicated bot management solutions. He cautions that the solution will likely depend on factors such as the size of the problem, the type of organisation, and the potential impact of bots.

He suggests considering technologies that can analyse all the traffic and the entire scope of where a bot could interact.

“When you're looking at more advanced protections, you also need to consider both server-side and client-side technologies. Programmatically, we are fighting a bot attaching itself to a website. There are active challenges: as interaction is happening, you’re supposed to be injecting things that only a human can detect,” he explained.

How far will you trust a bot?

According to Statista, the volume of human-initiated and automated bot attacks in Asia-Pacific during the first half of 2020 was 37 million and 121 million respectively. With such a volume, it is only natural for IT and security teams to use technology, including ML and AI, to detect and counter attacks.

Volume (in millions) of human-initiated and automated bot attacks worldwide in the 1st half of 2020, by region
Source: Statista

Asked to what extent IT and security teams can trust the recommendation of bots, O’Hara said the answer depends on where the person sits.

As a technologist, he concedes that he sits in the middle of the debate. He believes that the utility of ML and AI is significant for pattern recognition and automatic response. “In the case of a security operations centre (SOC), you want to choose responses that are well-documented and detailed, and not cause greater damage,” he suggested.

The same thing applies to bots. “Security systems should not introduce friction to real users. We want our customers to be able to buy things without introducing so many checks that they end up getting frustrated. Hence, it is all about maintaining the balance between security and ensuring that businesses continue to operate successfully,” he continued.

Click on the PodChat player and listen to O’Hara provide common but rarely discussed techniques to identify and combat bad bots.

  1. Among the many kinds of cyber threats on the internet, why are bots dangerous?
  2. How have bots evolved since the pandemic? Are bad bots today any worse compared to before 2020?
  3. How do (a) users and (b) businesses contain/mitigate the risks of bad bots?
  4. Smart bots are the technology that uses AI to do good or bad things. In cybersecurity, at what point can we trust an AI-based security solution to do remedial things automatically?
  5. Do you see zero trust being applied to bot security?
  6. Evasive bots are a growing concern. How do you see the evasion techniques of bots evolving in the coming years, and how can organisations do a better job of detecting them?
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
