researchHQ’s Key Takeaways:
- Despite the growing frequency of bot-generated attacks, not enough organisations are taking measures to develop dedicated countermeasures to malicious bot activity.
- Because the shared responsibility model is poorly understood, many companies have inadequate cloud security practices in place, often leading to security breaches.
- In many organisations, information security teams have significant influence within the application development process but are given minimal authority over the application development budget.
- These disconnects can be mitigated by deploying bot-management tools, ensuring an understanding of the shared responsibility model and allowing information security teams to take charge of the application development budget.
Osterman Research recently conducted an in-depth, international survey of security-focused decision makers and influencers in large organizations. Our goal was to understand the seriousness of various security issues and what organizations are doing to address them. We conducted the survey in North America, Latin America, Europe and several countries in the Asia-Pacific region across a number of industries. A total of 205 surveys were conducted.
The research uncovered some surprises, which we consider to be “disconnects”: issues that are causing serious problems within enterprises and that decision makers are not doing enough to address.
Disconnect #1: Malicious Bots
Malicious bots are a serious problem, but few organizations have deployed the right tools to deal with them. Our research found that slightly more than four in five organizations surveyed (82 percent) reported that they had been the victim of some form of bot-generated attack. For example, 38 percent of organizations reported that distributed denial-of-service (DDoS) bot attacks occur at least weekly, and 62 percent reported that they occur monthly. We also found a high frequency of bot attacks focused on web scraping, account takeovers and digital fraud, among other forms of attack.
Despite the high frequency and severity of various bot attacks, only 24 percent of organizations report that they use any kind of dedicated bot management tool. The result is that 34 percent of those surveyed admitted that bot attacks are most likely to make their way through the existing security defenses, and 28 percent admitted that there is a “good chance” that there are many such attacks of which the organization is not aware. This has led to a situation in which 61 percent of respondents told us that they are not confident in dealing with sophisticated bot attacks.
Disconnect #2: Misunderstandings About Security Responsibilities
Misunderstandings lead to data breaches. The vast majority of organizations have migrated, or are in the process of migrating, their applications and data stores to the cloud. While the process of doing so continues apace, decision makers’ understanding about many of the nuances of doing so has lagged.
For example, many customers do not understand the “shared responsibility model” inherent in virtually all cloud services. While many decision makers believe that once they migrate applications and data to the cloud the provider is now responsible for things like security of the data and backing up the data to ensure its availability, that’s not really the case.