Online shopping at risk: Mobile application and API cyber attacks at critical high

Protecting mobile applications and APIs against automated threats is a top priority for online commerce businesses, according to data from a study published by DataDome.

Conducted by Forrester Consulting, this survey of online commerce companies evaluates the main impacts that malicious automated traffic have on businesses and their key cybersecurity priorities for the coming year.

Focusing on mobile application and API protection

• Two-thirds of respondents report that focusing on mobile application and API protection is a key priority for the next 12 months.
• 45% of surveyed respondents reported the cost of man-hours spent mitigating threats as the main impact of bot attacks, followed by loss of revenue (41%), and loss of customer trust (39%).
• Businesses are prioritizing protection against three types of online fraud: Card fraud, inventory fraud, and account fraud.

“The pandemic has changed customer expectations, mode of interactions, and demand for online commerce businesses. In this period of disruptive change, the internet is continuously flooded with automated traffic,” said Benjamin Fabre, CTO of DataDome. “With 40% of fraudulent traffic hitting mobile applications, protecting all endpoints — not just your website — has never been more critical.”

Impacts of malicious traffic

As malicious bots leverage scale and automation, they disrupt good customer traffic, diminish customer experience, and commit fraud. Respondents reported that protection from online fraud, particularly in the form of card fraud, inventory fraud, and account fraud, is of critical importance.

These attacks impact the entire value chain, from employee to customer: 45% of surveyed respondents reported the cost of man-hours spent mitigating attacks as the top impact, followed by loss of revenue (41%), and loss of customer trust (39%).

Safeguarding CX at all costs

It is a top priority for the surveyed organizations to safeguard user performance and app availability (86%), to provide a top customer experience (CX) and app experience (84%) with bot detection and management that is consistent across mobile apps, websites and APIs (79%), and false-positives identified in real-time (76%).

And for good reason: regardless of attack types and detection mechanisms, the majority of attacks require active intervention and overwhelmingly (71%) target high-profile events or promotions — which can be very costly for online commerce companies.

The survey data is clear: firms have a collective business priority to ensure optimal customer experience, user performance, and a consistent approach, regardless of platform, toward bot management. What’s more, they know they cannot handle these automated threats on their own, and predominantly look for the qualities of responsiveness and industry expertise to guide them through their bot management solution.