From bots to breaches: How are APJ businesses still lagging in cybersecurity?
- Cybersecurity breaches are rampant in the APJ region due to a lack of specialized defenses.
- IT leaders must bolster defenses against account takeovers, malicious scripts, and bots.
- Using strong third-party mitigations can dramatically improve protection levels across the APJ region.
In today’s interconnected world, digital businesses are confronted with a complex array of cybersecurity threats. These threats range from account takeovers and malicious automated bots to harmful code injections and illicit redirection of website traffic.
All kinds of cybersecurity breaches lurking around
A recent study by Akamai Technologies, aptly named “From Bad Bots to Malicious Scripts: The Effectiveness of Specialized Defenses,” paints a worrying picture. It reveals that Asia-Pacific and Japan (APJ) enterprises are significantly behind their global counterparts in implementing specialized cybersecurity measures. This gap exposes them to heightened risks of cyberattacks such as malicious code injection and unauthorized account breaches.
Based on comprehensive survey data from top-tier IT and security experts, the report offers an in-depth analysis of specialized cybersecurity solutions’ role in defending against a spectrum of digital threats. These range from more commonplace disruptions like bad bots to potentially catastrophic incidents like account takeovers, harmful third-party code, and unwanted website redirects.
Reuben Koh, the Director of Security Technology & Strategy at Akamai, emphasized the urgent need for action. He noted that cyberthreats like malicious bots, harmful scripts, and unauthorized account takeovers are persistent and evolving rapidly to bypass conventional security measures. He elaborated that the rapid evolution and increasing complexity of these threats necessitate a proactive and dynamic approach to cybersecurity.
Koh added that companies should consider third-party specialized cybersecurity solutions as a mandatory component of their broader defense strategy. Such a multi-faceted approach provides companies with the agility to adapt to evolving threat landscapes and significantly enhances their capability to mitigate those threats effectively. This dual advantage can lead to a substantial reduction in the overall business risk profile, fortifying not just data but also customer trust.
The Pandora’s box of account takeovers: cybersecurity breaches in the APJ region
In the APJ region, the problem is glaring, with a startling 73% of businesses reporting that they have been the victims of account takeover attacks in the last year. The most concerning part is that only 60% of companies in the APJ region have specialized solutions to deal with these threats, sharply contrasting with the global average of 83%.
Upon seizing accounts, cybercriminals exploit them to the fullest—stealing digital assets, draining financial resources, and even listing the accounts for sale on dark web marketplaces.
Even if an attack takeover (ATO) attack fails, its repercussions can be severe. Unsuccessful attempts generate network ‘noise,’ clog up server resources, slow down service, and lead to poor customer experience. This can further translate into a tarnished brand image and loss of customer loyalty.
By leveraging specialized ATO defenses, enterprises reported:
- Increased detection of fraudulent activities by 44%.
- Enhanced visibility into account compromise indicators by 41%.
- Improved identification of suspicious login activities by 39%.
When scripts turn malicious: The underestimated cybersecurity threat
Only 67% of APJ businesses employ specialized defenses against malicious scripts. This number becomes even more worrisome when one considers that such attacks in the previous year have targeted 78% of these businesses.
Those who adopted specialized script protection measures experienced:
- Better detection of compromised scripts (38%).
- Improved prioritization of investigable incidents (38%).
- Stronger compliance readiness (38%).
Dealing with malicious bots
Malicious bots are a pervasive threat, known for activities ranging from hoarding limited-stock items like sneakers and concert tickets to executing more dangerous attacks like web scraping and credential stuffing. These bots can also launch DDoS attacks, overwhelming websites and making them inaccessible to legitimate users. They constitute a significant portion of today’s internet traffic.
In the APJ region, 64% of companies experienced bot attacks in the past year. While slightly lower than the global rate of 75%, it’s still a significant concern. On a positive note, 97% of global respondents saw improvements after deploying specialized anti-bot solutions. Over half (54%) noticed substantial enhancements in their cybersecurity efforts.
Key benefits of deploying anti-bot solutions include:
- A 47% improvement in handling traffic surges during high-demand events.
- A 42% increase in marketing effectiveness.
- A balance between security and performance optimization, as 41% of businesses reported.
By adopting specialized solutions against bots, companies can better protect their resources and improve customer experience.
Audience hijacking: The silent saboteur in retail cybersecurity
Audience hijacking is a rising concern, particularly in the APJ region, where 92% of organizations are aware of it, and 26% have already experienced its negative effects. This issue commonly leads to revenue loss for online retailers as consumers get diverted by lower prices or deceptive advertising.
This threat primarily manifests through browser extensions, widgets, or plug-ins that distract or mislead customers during their online shopping experience. Unfortunately, retailers often lack the visibility to understand the full scope and impact of audience hijacking, as it occurs within the browsers.
Globally, businesses that have faced audience hijacking report two significant consequences:
- A 43% increase in cart abandonment rates.
- A 41% uptick in affiliate fraud.
Understanding in-browser behaviors is crucial for retailers to gauge the true impact of audience hijacking and take appropriate countermeasures.
In summary, the report serves as a clarion call for businesses, especially those in the APJ region, to amp up their cybersecurity measures through specialized third-party solutions. Failing to do so not only exposes them to a raft of cybersecurity risks, but also jeopardizes their long-term sustainability and brand reputation.