Cybersecurity expert: How to protect your company from bot cyberattack

  • Netacea is a cybersecurity firm that helps firms protect themselves against vicious automated programs called “bots” that could steal user data in cyberattacks.
  • In July, a Netacea survey suggested three-quarters of UK businesses have been attacked by bots.
  • The 200 businesses surveyed said bots took up 15% of resources on their websites, apps, and interfaces between apps, and just 1% were aware of marketplaces that sell stolen accounts. In 2018, cybercrime generated $1.5 trillion globally, according to the multinational IT security provider Check Point.
  • In an interview with Business Insider, Netacea’s chief technology officer Andy Still shared four practical actions every business should take to protect themselves and their consumers from bot attacks.
  • Visit Business Insider’s homepage for more stories.

2019 was the year of the cyberattack. More than half a billion Facebook users’ data were found exposed on unprotected Amazon cloud servers in April, and a month later, the American Medical Collection Agency exposed personal data of around 20 million patients after a data breach in their web payment portal. That data is big business. IT security firm Check Point estimates cybercrime generated $1.5 trillion globally in 2018.

Companies are increasingly reliant on their online presence, making them more vulnerable to cyber threats. Independent security body The Information Security Forum says automated programs called “bots” are one of the new major cyberattack threats businesses should protect themselves against. Bot attacks can, if successful, access user data, including customers’ payment information.

A July survey from Netacea, a UK-based cybersecurity firm, suggested three-quarters of UK firms have been attacked by bots, and just 1% aware of marketplaces that sell stolen accounts. “These attacks [bot threats] are not simple … there are many groups of people who work together to take advantage of weaknesses and systems,” Netacea’s chief technology officer Andy Still said.

Security tools that protect firms from traditional hacking attacks are insufficient for bot threats, he said, adding that many companies are unaware of the seriousness of the problem. In an interview with Business Insider, he shared four practical actions every business should take to protect themselves and their consumers. 

Hire an in-house security officer

Most companies, especially small businesses, don’t have a security officer in house — often, other departments such as marketing or ecommerce detect bot attacks, without the expertise to deal with them.

Hiring a security officer will solve this, Still told Business Insider. A security officer will not only know what to do in case of a threat, but they will create protocols for any cyber threats that colleagues can follow. This will protect both the business’s website and consumers’ data — the weakest point for most businesses, said Still.

Make sure businesses you’re connected to are also protecting themselves

“You as a company need to work on the assumption that your data will be breached … and out in the wild no matter how well protected your database is,” Still said. 

It’s an alarming comment, but gets you in the right mindset for thinking about security. Ask yourself what people could do with your data, not just how well do you protect that data — “and prepare for the worst,” he said.

And think laterally: If other businesses you are connected to or your customers use aren’t protecting customers’ data, and customers aren’t cautious, you can indirectly be a target of an attack. 

“It’s no longer good enough just to rely on protecting your own data. You’ve got to worry about other people protecting their data … and what happens when people’s on other sites are breached,” Still said. Plan ahead, talk to other businesses, and agree a shared method.  

“Protect your customers from themselves”

Customers reuse their passwords all the time, despite warnings. It’s up to your business to change their behaviour: You could send email reminders to regularly change passwords, warn customers not to reuse their go-to password,  or set up confirmation questions and validation tests — they will add a level of protection.

“Protect your customers from themselves,” Still said, and if you know there is a chance that their data has been breached on another website, warn your customers as soon as possible, advising them to change passwords.

Think beyond your website security — protect apps too 

Most businesses, have tools protecting their website, Still said, but none for their online platforms, including apps and boundaries that allow two applications to interact, called application programming interfaces (APIs).

Still suggested having security protection on every online platform, because cyber threats always attack the weakest point of the system. If bots find a way in, everything other system will be compromised, even if they are individually protected.

Source Article