Highlights
- The 2022 State of Security Within eCommercereport says that automated threats have increased, leading to 62% of the security mishappenings for online retailers.
- The rise of attacks on online retailers has gone from 3.5% to 32.9% in the last 12 months.
According to Imperva Threat Research’s 12-month analysis of retail security threats, attacks on websites, applications, and APIs are a continuing business risk throughout the calendar year, particularly during the holiday shopping season. The 2022 State of Security Within eCommerce report reveals that there are automated threats – including credit card fraud, account takeover, web scraping, API abuses, Grinch bots, and Distributed Denial of Service (DDoS) attacks – that led to 62% of the security mishappenings for online retailers. It is double the percentage of automated attacks observed around industries.
Increase in automated cyberattacks
In the previous year, about 40% of traffic on retailers’ websites came from bots, and the software applications being controlled by operators that run automated tasks were found with malicious intent. With the continuous rise in bot traffic, there is also more sophistication in the bots attacking retailers. Most of these attacks come from hidden sources and are hard to detect and stop. The rise of attacks on online retailers has gone from 3.5% to 32.9% in the last 12 months. Comparatively, the attacks on other industries have moved at a slower pace (from 1.6% to 13.6%).
The maximum security risk with online retail platforms is during the holiday shopping season. In 2021, “bad bot” traffic on eCommerce sites increased by 10% in October and 34% in November. Also, Imperva lists that a DDoS attack during Black Friday week can result in an average of 13 hours of site downtime.
API protection for retailers
It is essential that retailers take a step toward protecting their APIs. In 2021, API attacks increased by 35% between September and October, and another spike of 22% came in November. The past instances show that maximum attacks happen around the holiday shopping season, with their target using API as a pathway for trying to extract customer data and payment information.
Wrapping it up
Retailers need to take a unified approach that can mitigate attacks without disturbing the buyers. It is possible for eCommerce teams to improve their sites and protect their data against automated attacks that function around the clock. Stress-testing infrastructure and bot management are suggested approaches to fight against automated attacks.