Intelligent CIO Africa Issue 68 | Page 31


‘‘ business

In the past two years , the world has been shocked economically , politically , and technologically . Technology advancement has shifted into overdrive from its already dizzying pace .

Against this backdrop , a series of cybersecurity myths have gained traction , often prompting well-meaning security teams to focus on the wrong things . Here are seven of them to keep a watchful eye on :
Myth 1 : Only a small number of social media accounts are fake .
A lot of enterprises know they have bots , but the reality is social media companies often don ’ t know and don ’ t want to know how many bots they really have . We did a proof of concept with a social networking site some years ago that showed 98 % of their logins were automated bots . This company was very proud of their rapid growth and excited for the future , but it turns out they only had a tenth of the subscribers they thought they had .
The significance of this knowledge and why it is important has been playing out in a very public way with the acquisition of Twitter . The value of the company is largely based on its number of users . Elon Musk ’ s challenge to the company to demonstrate that spam bots and fake accounts are less than 5 % is a fair expectation for any investor , advertiser , potential business partner , and even its users .
Companies have been fighting bots by blocking IPs , regions , and autonomous systems , and here is where we see the evolution of malicious bot trafficattacks are now coming from hundreds of thousands , even millions of IP addresses . Those network layer defences only take you so far .
My mantra is that client-side signals are king . You must-have behavioural biometrics . You must interrogate the browser and interrogate the device . All of those signals taken in the aggregate are how you identify not just bots but malicious humans as well .
Companies also think they can hire their way out of this situation , but there is no way to hire enough IT people to fix a problem this vast . The only way to really fight automation is with automation .
Dan Woods , Global Head of Intelligence , F5
I predict that Twitter ’ s bot number is closer to 50 % or more . Companies should be required to validate users are human and effectively manage and mitigate their bot traffic .
Simply stated , the success of malicious bots indicates a security failure . Bot prevention is critical to ensuring the integrity of the information flowing through these sites , but also having accurate data for companies to make important business decisions and for others doing business with them .
Myth 2 : Bot prevention is an in-house DIY project .
We ’ ve seen good companies with big budgets and brilliant technical staff doing battle with bots for years . Yet when we analyse the bot traffic in these organisations , expecting to see sophisticated bots that had evolved to overcome their defences , it just isn ’ t the case .
Attackers won ’ t innovate new attack vectors as long as the original vector remains successful . All they need to do is come up with a way to dodge new defences .
Myth 3 : Focus should always be on a mysterious new threat on the horizon .
Those of us in security , the tech press , and corporate PR share a common fear of those threat actors who are constantly innovating and staying ahead of us . But in many ways , attacks are still the same with only slight tweaks along the way .
Most of the bots we see today show the same level of sophistication that we saw five years ago . They just come
www . intelligentcio . com INTELLIGENTCIO AFRICA 31