How bad bots and broken APIs are denting Indian companies

PCQ Bureau
The COVID-19 pandemic has visibly catalyzed a plethora of transformations in the world of business and security. The pan-industry digitization and the global switch towards remote working have been abrupt at best, and numerous loopholes still mar the business security landscape. Firstly, the pandemic has enabled rogue agents and cybercriminals to capitalize on the pandemic-induced bedlam and orchestrate covert strikes to breach an organization’s defenses. Barracuda Networks found that 52% of application security decision makers in India say web application vulnerability/zero-day vulnerability contributed to a successful security breach that exploited vulnerabilities in their organization’s applications.

Murali Urs, Country Manager, India, Barracuda Networks

A report released by Barracuda Networks revealed that bot attacks, vulnerability detection, API security, and supply chain attacks comprise the primary attack vectors. The conditions imposed by the COVID-19 lockdown have inadvertently multiplied the occurrence of application-based cyber strikes, driven by the steady rise in applications, and these strikes have turned more penetrative and relentless with each day. In the past two years, faulty API security has become one of the top attack vectors across the Indian corporate landscape amid the rapid shift to remote work. In fact, in India web application vulnerability/zero-day vulnerability is the most likely contributor to successful security breaches resulting from application vulnerabilities.

With companies turning towards public APIs, their risk of succumbing to breaches and attacks is likely to multiply manifold, because these APIs offer direct access to confidential data and increase the chance of data theft or sabotage. Though APIs accelerate the development of novel versions of applications that are speedier, more efficient and more user-extensive, they also create a rapidly growing attack surface for cyber-attackers. Therefore, safeguarding APIs has never been more essential for these companies.

Apart from app-based strikes, bot-based attacks are also among the top application security challenges, with scraping, spamming, carding and other fraudulent attack vectors impacting businesses across the globe. 45% of respondents in India identified bad bots as their top application security challenge. Bad bots are programs specifically designed with malicious intent to steal data, corrupt files, and damage sites through Distributed Denial of Service (DDoS). They are typically utilized by cybercriminals and usually work in an evasive manner. There have been instances when a DDoS attack seemingly masked an SQL injection that caused tremendous loss of customer data.

Online marketplaces for bots are becoming the norm, and automated strikes orchestrated by these bots are a stark reality spanning a plethora of vectors. The most successful bot strikes are mostly those that act in a variety of combinations to advance the attack surface. Therefore, agile and multi-layered bot security and API gateways have become the most sought-after cyber solutions for companies in the upcoming twelve months.

As organizations race to deploy more effective app-security solutions, app security becomes more complicated with the introduction of novel programs and newer technologies. Employee errors have also been found to be an important factor behind API compromises. Even though a company may have the best security solutions guarding its defenses, a single employee error can leave the company prone to merciless bot attacks and evasions. With these factors in mind, protecting applications from bot-based and API attacks should be top of mind for organizations.

Therefore, organizations across India and the world must optimize a resolute and user-friendly platform-based approach to extend robust fortifications against an array of traditional and emergent threats. In fact, they need to approach third-party vendors that can assist them with averting, identifying, and locating bot activity to safeguard themselves from a variety of application-based attacks on an everyday basis.

Author: Murali Urs, Country Manager, India of Barracuda Networks