Bad Bots down under: What you might not know but should about cyber-security in Australia

Protecting Australia’s digital citizens?

As I recently remarked, data privacy is on the agenda in Australia, with new measures about to land that would turn the digital landscape on its head. Driven by the federal government, the 116 proposed measures would outlaw what are currently common practices in digital advertising, forcing brands and advertisers to rethink how they target consumers. If adopted, these laws would radically shift the balance of power from the digital operators to digital citizens for data rights.?

According to one commentator, “the updated Act will go harder than anywhere in the world”. Australia may soon top even GDPR for proactively championing consumer privacy across the digital landscape.??

Understanding Australia’s bad bot threat?

Contrasting this bright prospect, is a darker counterpart, and a deeper threat to both consumers and companies - that Australia ranks third in the global league tables for bad bot activity.? In fact, 4 out of 5 breaches can be linked to organised crime! Given the size of its population and GDP, these statistics are quite shocking, and put the proposed legislation to protect Australia’s consumers? starkly into perspective.?

There’s a broad spectrum of bad bot threats. At one extreme, there are massive breaches involving customer data, for which Australia has been a conspicuous target, with a number of household names being attacked and held to ransom by sophisticated cyber criminals.?

The biggest threat to consumers from bad bot attacks is a consequence of data storage, if there are breaches in the defences of the brands consumers entrust with their data, then the bots will find ways to access and trade in that data on the dark web, or hold the brands to ransom with the threat of reputational damage.

Then there are the more insidious threats regularly eating away at the fabric of ecommerce, but without the dramatic impact of the headline-grabbing scandals. Anything you do to create revenue, grow your customer base, build your brand, extend its reach and nurture loyalty among consumers, there’s a legion of bots seeking opportunities to do the opposite and are often more than a few steps ahead.?

Unwelcome digital visitors are on the rise

To help understand such threats, imagine you run a popular online retail store that attracts thousands of visitors daily, generating significant sales and engagement. However, recently you've noticed an unusual increase in traffic that isn’t translating into more sales. There's also been a sudden rise in abandoned shopping carts, numerous suspicious login attempts, and your product descriptions and images appearing on competitor websites shortly after you upload them. This indicates the presence of bad bots on your digital assets, which can significantly harm your business and brand.

It was recently calculated that nearly half the traffic on websites during 2023 were bots. While 17.6% of these were welcome (search rankings depend on Google’s bots visiting and understanding websites), 32% of website traffic on average is from bots intent on harm. That’s like having a physical store and discovering nearly a third of your customers are shoplifters or pickpockets preying on your customers.? Whether directly through revenue, or through reputation, bad bots are bad news for Australia’s digital brands and their customers.?

What can be done??

Although I’ve focused largely on retail, in reality, any vertical is vulnerable to bad bot activity. So, taking all this on board, what can companies do to meet this threat, and proactively protect both themselves and their customers??

There are several platforms available that can identify and remove bad bots. Forrester recently published a report assessing the main platforms on the market, which they ranked for such criteria as their ability to evolve rapidly to meet new threats; how comprehensive the protection is across the full spectrum of known and emerging threats; ease of integration and compatibility with other solutions covering adjacent needs such as fraud. I’m happy to confirm one of the clear leaders in this Forrester Wave evaluation,? DataDome, is a platform I have also used and recommended to clients I have worked with.? What stands out for me is its ease of use.? It’s pretty intuitive, but also comprehensive in the critical insights it gives.? I’ve found we get what we need, whether we're launching a new product or conducting a health check and audit on their current properties.

The landscape of cyber threats is ever-evolving, and continuous vigilance and adaptation are key to maintaining robust defence mechanisms. By proactively implementing bot management solutions like DataDome, companies can mitigate risks and enhance their digital security. As the Forrester report concludes: “Bot management vendors and their customers must keep their guard up and watch out for new attack techniques, new detection evasions, and new bot targets while also managing the load from any good bots”.?

Data rights versus data protection?

As stated above, Australia is leading the charge when it comes to data privacy for consumers, including strict rules around how data can be gathered, used and shared. However, if brands don’t also pay attention to the threat posed by bad bots, they themselves will be at risk, and in turn, so will their customers.?

Despite the robust data privacy laws, there are currently no specific regulations addressing the threat of bad bots. Regulating the “surface” players and imposing fines only addresses half the problem when the criminals behind the bad bots operate and trade on the dark web.?

Let’s hope the new era of data privacy for citizens encourages a greater awareness of the insidious, far less-publicised, threat posed by these bots.? As consumer data, stored by brands but valuable to cyber-criminals, is at risk, the rights of users and the reputations of the brands both are ultimately at stake.?

Broadening awareness within this heightened data-aware climate would be a step in the right direction.