Akamai‘s 10th State of the Internet (SOTI) Report reveals the latest trends and challenges in cyber attacks, highlighting botnets as a major risk within e-commerce. In this video, Patrick Sullivan, CTO of Security Strategy at Akamai, discusses the company report and its key findings, the security challenges in e-commerce, and how Akamai is helping customers mitigate these risks. He says, “We’re seeing around 40% of requests coming from bots at any given time, which is a staggering number.”

Akamai 10th State of the Internet Report and its key findings

• Sullivan explains that, as an intermediary between users and major websites for 25 years, Akamai feels responsible for sharing insights from its extensive business traffic.
• Sullivan discusses the company’s 10th annual State of the Internet Report, which aims to highlight attack trends, help defenders learn from Akamai’s observations, and simplify defense strategies against widely reused attacker tactics.
• Sullivan explains that multiple teams collect and analyze the vast data for attack trends, with the help of security researchers, data scientists, writers, and editors.
• There is a growing shift in commerce from in-person to online, with around 40% of website requests now coming from bots. He highlights the challenge for web defenders to manage, not just block, bots.

The evolution of botnets and the role they play in e-commerce

• Sullivan talks about the evolution of botnets, explaining that they have become more sophisticated both in business models and technical execution. Scraper bots can be used for competitive analysis or malicious purposes.

• Bots have advanced from simple scripts to complex headless browsers that mimic human behavior, requiring more rigorous detection methods, such as analyzing mouse movements, key presses, and device interactions.

• Malicious scraping can lead to fraudulent activities such as stealing credentials or completing transactions without permission.
• Sullivan discusses the role of scraper bots in e-commerce, explaining that while about a third of scraper bots are beneficial for search engines and price aggregators, two-thirds are malicious.

The impact of bots and the risks of malicious ones 

• Sullivan explains the impact of bots on e-commerce. He highlights a less obvious risk, the distortion of business metrics critical for data-driven decision-making and how it can become a major operational disruption for retailers.
• Sullivan discusses Generative AI’s impact on malicious bots in e-commerce, highlighting the legal challenges of protecting data from unauthorized AI scraping, the importance of scraper detection and APIs for data access control.
• Sullivan notes the significant volume of bot requests in e-commerce, highlighting ongoing ML and AI advancements used both defensively and adversarially in this context.

What are the security challenges of e-commerce?

• Akamai partners with retailers to ensure safe online experiences across evolving devices, from laptops to handhelds, adapting to hardware innovations and addressing emerging challenges together.
• Fraudsters are increasingly targeting e-commerce platforms. This shift presents challenges for retailers, whose thin margins make fraud mitigation crucial early in the transaction lifecycle to avoid escalating costs.
• Fraud extends beyond financial losses to affect brand reputation and customer trust. Retailers need to actively combat bots that create fake websites, safeguarding customers and upholding trust in their online services.
• Sullivan emphasizes early fraud detection by categorizing visitors by intent. He advocates for tailored responses based on intent, and implementing resource-intensive measures to raise fraudsters’ operating costs.
• Sullivan highlights Akamai’s extensive experience in defending against specialized bots over the past decade.

How Akamai is helping customers mitigate fraud and other security risks

• Sullivan categorizes bot attacks as scraping, account takeovers, and high-demand events. He emphasizes the need for fast detection and tailored responses.
• Sullivan suggests proactive customer education through emails about fraud attempts, emphasizing the need to disrupt bot traffic and prevent fraudulent website setups.
• Sullivan highlights the importance of managing client-side software and third-party integrations to safeguard against data compromises and ensure a secure online environment.

Akamai’s solutions and its ongoing focus on DDoS attacks

• Akamai provides solutions like client-side firewalls to monitor and mitigate risks associated with these interactions, helping retailers maintain control over their customers’ browsing experiences and data security.
• Sullivan notes a rise in state-sponsored attacks on e-commerce, driven by nationalistic motives. He highlights a sharp increase in DDoS attacks on Israeli entities, linked to geopolitical tensions like Russia-Ukraine conflicts.
• Sullivan emphasizes Akamai’s ongoing focus on DDoS attacks amid geopolitical tensions and highlights API security and development lifecycles as key areas of interest.

Guest: Patrick Sullivan (LinkedIn)
Company: Akamai (Twitter)
Show: Let’s Talk

This summary was written by Emily Nicholls.