The impact of good bots, malicious bots, and event-based detection
Bots have become part of the fabric of the internet, making up about 40% of all internet traffic and serving a range of purposes. For example, chatbots can help customers get answers to common questions quickly. But malicious bots can infiltrate company servers to steal information.
Bot types vary, but newer bots and botnets (a collection of bots, programmed to work together) are more complex. A basic bot might “scrape” information from one website and reuse it on another. But sophisticated bots can mimic human behavior to bypass security protocols.
“Existing solutions identify bots at the front door, but they don’t know what the bot is doing to the business,” said Vik Dhawan, Kount VP of Product, at Kount’s Fall 2020 Digital Protection Summit.
So businesses need ways to stop malicious bot activity before it leads to greater issues.
How good bots and bad bots affect businesses
Bots engage in an array of positive and negative activities. And they appear across the entire customer journey — from account creation and login to checkout and payment. But as good bots become more helpful to businesses, bad actors have stepped up botnet attacks.
The impact of good bots
Good bots — such as search engine bots, virtual assistants, and chatbots — can streamline business operations.
For example, Forbes reported that bots help entrepreneurs scale customer communications. But bots have other positive benefits:
- SEO tools help improve websites and fix structural problems.
- Chatbots solve problems quickly and reduce time spent on support.
- Virtual assistants can automate common tasks upon request.
In fact, 96% of e-commerce businesses said that good bots are important to their success, according to Kount’s Bot Landscape and Impact Report. That’s because good bots are essential throughout the customer journey.
The impact of malicious bots
Malicious bot activity can cause significant damage. 58% of businesses surveyed in Kount’s bot report said they encountered more than 50 bot attacks in 12 months.
For example, IEEE Spectrum reported that Twitter bots spread large amounts of false COVID-19 information. Users became upset, and the situation caused moderation headaches at Twitter.
Other malicious bot activity can take down operations or steal customer information for financial gain. All of these activities disrupt the customer experience and may cause severe brand damage. Malicious bot activity can lead to:
- Brute-force or credential stuffing attacks that take over a legitimate customer accounts
- Card testing, which identifies usable stolen credit cards
- Scraping activity, which acquire pricing information or content for a competitive advantage
- Automated social campaigns designed to mislead or inflame users
- Distributed denial of service (DDoS) attacks that disrupt a website or digital service
- Coupon cracking or promo abuse
How to identify good, questionable, and malicious bot activity
Whether a bot is useful or harmful can depend on the company or situation. But, in general, bot activity can be divided into three categories: good, questionable, and malicious.
Sometimes, “good” or “malicious” is in the eye of the beholder. Take the example of bot-assisted purchases. Some may benefit authorized resellers, while others may signal retail arbitrage. Or bot quotes that may help consumers can indicate likely insurance fraud to carriers.
Essentially, the right response depends on the event and business, so perimeter defenses aren’t always enough. Businesses need protection across the entire customer journey.
3 tools for effective bot mitigation
What drives effective bot mitigation? The most advanced approaches combine data, AI, and customization to deliver event-based detection.
- Data: Data is the foundation of effective bot defense. With a robust data set, businesses can recognize specific network, device, and behavioral characteristics. Data can also include patterns — both positive and negative events — that predict risk.
- Advanced AI: AI networks the data for instant, accurate detection. AI that uses supervised and unsupervised machine learning identifies known and new attacks. And it works in real time.
- Customizable business policies: When needed, businesses can create policies and rules to guide the AI. They can optimize protection for their specific operations and goals.
Event-Based Bot Detection takes the most advanced approach to bot protection. Built on the Identity Trust Global NetworkTM, Kount’s solution accurately identifies malicious bot activity. With Kount’s networked data, the solution can link network, device, and behavioral characteristics to billions of fraud and trust-related signals. Then it assesses risk in real time, within the context of an attack.
Kount’s unique view of the complete customer journey allows it to establish a baseline of normal behavior across the customer journey. Having that, it can quickly identify abnormal, high-risk behavior. And it can offer a critical advantage to mitigating bot attacks and their effects on customers.