TALKING

Against this backdrop , a series of cybersecurity myths have gained traction , often prompting well-meaning security teams to focus on the wrong things . Here are seven of them to keep a watchful eye on :

Myth 1 : Only a small number of social media accounts are fake .

A lot of enterprises know they have bots , but the reality is social media companies often don ’ t know and don ’ t want to know how many bots they really have . We did a proof of concept with a social networking site some years ago that showed 98 % of their logins were automated bots . This company was very proud of their rapid growth and excited for the future , but it turns out they only had a tenth of the subscribers they thought they had .

The significance of this knowledge and why it is important has been playing out in a very public way with the acquisition of Twitter . The value of the company is largely based on its number of users . Elon Musk ’ s challenge to the company to demonstrate that spam bots and fake accounts are less than 5 % is a fair expectation for any investor , advertiser , potential business partner , and even its users .

Companies have been fighting bots by blocking IPs , regions , and autonomous systems , and here is where we see the evolution of malicious bot trafficattacks are now coming from hundreds of thousands , even millions of IP addresses . Those network layer defences only take you so far .

My mantra is that client-side signals are king . You must-have behavioural biometrics . You must interrogate the browser and interrogate the device . All of those signals taken in the aggregate are how you identify not just bots but malicious humans as well .

Companies also think they can hire their way out of this situation , but there is no way to hire enough IT people to fix a problem this vast . The only way to really fight automation is with automation .

Dan Woods , Global Head of Intelligence , F5

I predict that Twitter ’ s bot number is closer to 50 % or more . Companies should be required to validate users are human and effectively manage and mitigate their bot traffic .

Simply stated , the success of malicious bots indicates a security failure . Bot prevention is critical to ensuring the integrity of the information flowing through these sites , but also having accurate data for companies to make important business decisions and for others doing business with them .

Myth 2 : Bot prevention is an in-house DIY project .

We ’ ve seen good companies with big budgets and brilliant technical staff doing battle with bots for years . Yet when we analyse the bot traffic in these organisations , expecting to see sophisticated bots that had evolved to overcome their defences , it just isn ’ t the case .

Attackers won ’ t innovate new attack vectors as long as the original vector remains successful . All they need to do is come up with a way to dodge new defences .

Myth 3 : Focus should always be on a mysterious new threat on the horizon .

Those of us in security , the tech press , and corporate PR share a common fear of those threat actors who are constantly innovating and staying ahead of us . But in many ways , attacks are still the same with only slight tweaks along the way .

Most of the bots we see today show the same level of sophistication that we saw five years ago . They just come

www . intelligentcio . com INTELLIGENTCIO AFRICA 31