UK firms ‘leaving themselves wide open to bot attacks’

British businesses are putting both their customer data and reputations at risk, according to a new analysis which claims two-thirds (66%) of UK websites are unprotected against simple bot attacks, which can wreak havoc if left to run riot through internal systems.

So says the UK Bot Security Report from DataDome, which maintains that “bad bots” are plaguing the Internet and make up over 30% of all online traffic, and that cybercriminals use them to target businesses with fraud and other attacks.

To understand more about how UK businesses defend themselves against these malicious actors, DataDome tested over 2,400 of the largest UK-based websites across a range of industries, from banking and ticketing to ecommerce and gambling.

The findings shed light on the prevailing state of bot protection across industries and business sizes, variations in the performance of different bot detection systems, and the effectiveness of traditional CAPTCHAs as a defence mechanism.

Most notably, a significant majority of UK-based digital businesses are not adequately protected against simple bot attacks. Only 7.9% successfully blocked all bot requests; 22.8% detected and blocked at least some of the bots, but 69.4% let through all nine different combinations of bots tested.

Worryingly, ecommerce sites were among the most vulnerable, with 70% failing all bot tests, while gambling sites were the best defended, but even then only 29% blocked all the BotTester bots.

Of the 515 websites equipped with only a CAPTCHA tool, less than 4% detected and blocked all bots, and in 75% of the websites the CAPTCHA tools failed to stop even a single bot.

The most ‘successful’ bots (from an attacker’s POV) were fake Chrome bots, with 90% of DataDome’s fake Chrome bots going undetected; 87% of simple Curl command bots went undetected, as did 75% of fake Googlebots.

DataDome head of research Antoine Vastel said: “Bots are becoming more sophisticated by the day, and UK businesses are clearly not prepared for the financial and reputational damage these silent assassins can cause.

“From ticket scalping and inventory hoarding, to account fraud, bad bots wreak chaos on consumers and businesses alike. Businesses which do not deal adeptly with bad bots risk significant reputational damage, as well as exposing their customers to unnecessary risk. They must act now to protect themselves against this growing threat.”

Earlier this week, it was claimed the UK’s cyber defences appear to be holding up better than most despite a major rise in data breaches around the world, with the list headed by the US, Russia, Spain, France, and Turkey. This research would suggest it is only a matter of time before it all goes tits-up.
