The biggest risk comes from the data you use to make decisions that can be intentionally altered
Forrester notes how automated traffic now comprise more than half of internet traffic and for some organisations, it can be up to 75 per cent.
The rise in automated traffic is large due to software programmes called bots, it states.
Although these software programmes can facilitate data sharing and customer engagement, many of these are used to automate attacks, interrupt good customer traffic, commit fraud and steal information.
“However, the biggest risk comes from the data you use to make decisions that can be intentionally skewed,” according to a report by Forrester analysts Amy DeMartine, Joseph Blankenship and Susan Bidel.
“Your company makes decisions about how to best serve customers by using data about who they are, when they buy, and what they buy; your marketing colleagues reward bigger ad budgets to the last site a customer visited before purchasing your firm’s products or services; and customer experience (CX) pros use data about customer behaviour to improve engagement.
“Bad bots that interact with your applications alongside customers skew this data and make these decisions off target or just plain wrong,” they write.
“You must defeat bots that collect and distort your company’s information no matter their form.”
The report notes the ‘bad bots’ come in different forms, including:
Checkout-abuse bots which conduct real transactions but degrade customer experience. These bots actually purchase products and services, but as they do, they disrupt legitimate customer engagement. For instance, bots bought 30,000 tickets to the musical Hamilton from Ticketmaster by spoofing unique customer identities (which also highlights that some bots can create fake new accounts).
Sneakerbots which are designed to purchase limited edition sneakers. These bots can be bought for as low as $10 for browser extensions up to $500 for standalone software programmes.
Inventory-hoarding bots which keep e-commerce inventory from legitimate customers by putting items in an online shopping cart and not buying them.
Credential-stuffing bots which use automatic log-in attempts to take over accounts and conduct malicious transactions as legitimate users. Once an attacker has access as a valid user, any data that the application presents is available to the attacker to steal.
Forrester says various technologies are already available to block the different bots. But it says any tool that will be used to combat these bots should support key business and customer goals.
Different bots require different protection techniques:
Forrester says the organisation’s bot management programme should not be created in isolation.
Marketing and CX departments can be asked to help determine parts of the customer life cycle that are most at risk and how best to protect them.
Businesses should also maintain an environment of clean web traffic with constant diligence.
All data coming from second- and third-party sources should be cleansed of data from known bad bots.
This service can be contracted to third parties, but make sure you mandate which tools they should use and audit the process, says Forrester.
It further advises organisations to periodically evaluate their bot management vendors.
“Because bots are continuously evolving, the tools that respond to them will also have to evolve,” says Forrester.
This means businesses must check that their vendors pay special attention to continued or increased investment in threat research to ensure they have the best protection possible against the most advanced attacks.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.