Report: 62% of retail cybersecurity incidents are due to automated threats

View all on-demand sessions from the Intelligent Security Summit here.

A 12-month analysis Imperva Threat Research of security threats targeting retail believe that attacks against websites, applications and APIs throughout the calendar year, and particularly during the Christmas shopping season, are a continuing business risk. The state of security in e-commerce in 2022 report reveals that automated threats — including account takeover, credit card fraud, web scraping, API abuse, Grinch bots, and distributed denial of service (DDoS) attacks — caused 62% of security incidents for online retailers. That’s more than double the rate of automated attacks seen in other industries.

The rise of automated cyberattacks

In the past year, nearly 40% of the traffic on retailers’ websites came from bots, software applications controlled by operators that perform automated tasks, often with malicious intent. In addition to the continued increase in bot traffic, there is more sophistication in the bots attacking retailers, including a large increase in the percentage of attacks with hidden sources, which are more difficult to detect and stop. The number of attacks targeting online retailers that originated from anonymity frameworks has increased from 3.5% to 32.9% in the past 12 months. In comparison, such attacks against other sectors increased at a slower rate (from 1.6% to 13.6%).

Image source: Imperva

Online retailers face more security risks during the holiday shopping season. In 2021, traffic to “bad bots” on ecommerce sites increased 10% in October and another 34% in November. In addition, Imperva estimates that a DDoS attack during the Black Friday week can result in an average downtime of 13 hours.

Retailers, watch your APIs

Retailers should also be careful to protect their APIs. In 2021, API attacks increased by 35% between September and October, and another 22% in November. This trend suggests that adversaries increase the number of attacks around the holiday shopping season and try to use the API as a way to exfiltrate customer data and payment information.


Intelligent Security Summit on demand

Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Check out on-demand sessions today.

Look here

It’s not too late for retailers to take a unified approach that can mitigate attacks without disrupting shoppers. Ecommerce teams can prepare their sites and protect their data against these automated attacks that run around the clock. Strategies such as stress testing infrastructure and implementing bot management can make a difference in the fight against automated attacks.

Read the full report from Imperva.

VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.