The report, Bots Down Under – An Australian Market Threat Report by web security company Kasada has revealed that 90 per cent of abuse attacks are delivered from within Australia.
The study debunked the ‘Island Australia’ theory by revealing that international cybercriminals were getting around geoblocking guards by routing attacks through homegrown networks.
It also found that the top 250 Australian websites are ill-prepared for a bot attack with 90 per cent of them unable to differentiate between customers and bots.
Kasada chief executive Sam Crowther told Fintech Business that the report was designed to educate Australian businesses on the threat that bots pose to Australia.
“As many aspects of our lives are global – and much of our information now lives online – this shift places tremendous emphasis on businesses to protect and defend against potential threats,” he said.
The report also highlighted the economic impact found by the Ponemon study that found the cost of a bot attack averaging $2 million per attack across time, compensation and customer turnover.
Mr Crowther said this was only getting worse as the number of year-on-year attacks keep increasing.
“In 12 months, the estimated average cost of time, compensation and customer churn jumped from $2 million to close to $3 million per breach,” he said.
The jump is being driven by two factors, according to Mr Crowther, who said there are billions to steal and the low barrier to exploitation.
“Attacks are automated using bots and once initiated they happen at scale, persistently and without human involvement. Gone are the days when attackers needed high-level skills. Today, they can launch an attack after watching a few “how-to” online videos,” he said.
Many of these attacks directly target monetised information, said Mr Crowther, but any information could be a target.
“Personal data, funds and other customer assets; corporate information. If information can be monetised by attackers, then it’ll be a target,” he said.
Mr Crowther said financial services institutions need to increase visibility across their sites and adopt active defences.
“For information security practitioners in financial services business, they should be proactive in detecting unusual traffic patterns and increase visibility of failed login patterns, amongst other things,” he said.
AustCyber’s chief executive Michelle Price said that cyber security was everyone’s business and that was why the group was working with Kasada to provide solutions for businesses.
“Kasada is a great example of a home-grown company offering highly adaptable solutions that provides an uplift to cyber security and quickly builds a picture of actionable information that companies can implement,” she said.