SANTA CLARA, Calif. , December 2024 (GLOBE NEWSWIRE): Cequence, a leader in API security and bot management, today unveiled new insights from its CQ Prime threat research team that underscore the growing cyber threats targeting the retail sector during the holiday season. The research reveals that businesses could face average potential losses of $2.58 million per hour throughout December due to malicious bot traffic and fraud attempts.
Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report highlights the expanding attack surface that cybercriminals exploit during peak shopping periods like Black Friday and Cyber Monday.
For a visual summary of the report’s findings, including the impact of malicious bot attacks and strategies to defend against them, download the infographic here.
Key Findings:
- E-commerce Growth and Risks: Total e-commerce transactions doubled year-over-year (YoY) from 5.1 billion in 2023 to 10.4 billion in 2024, with 34.62% flagged as malicious—up 138.57% from the previous year.
- Financial Impact of Cybercrime: Cybercrime during the 11-day period from November 22 (Black Friday) to December 2, 2024 (Cyber Monday) resulted in $681.12 million in potential losses, with projections for December 2024 averaging $2.58 million in losses per hour, totaling $1.79 billion.
- Sophisticated Attack Techniques: Sophisticated attack techniques, including credential stuffing, SMS pumping, and token farming, experienced a 700% YoY increase.
- Real-World Mitigation: A major e-commerce company mitigated an SMS pumping attack that cost $3,000 every four hours, successfully blocking fraudulent account creation and preventing further financial losses with Cequence’s advanced bot and API protection.
Real-World Mitigation: Cequence managed a 125% traffic surge on Black Friday, blocking 11.5 million malicious attempts while maintaining seamless customer experiences.
With the growth of legitimate e-commerce transactions, businesses face an unprecedented challenge of defending against increasingly sophisticated and high-volume attacks. Cequence’s research found a 72.6% increase in mitigated malicious traffic from 2023 to 2024, highlighting the urgent need for proactive security measures.
“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”
To navigate heightened cyber threats, Cequence advises businesses to take these steps:
- Enhance Incident Readiness: Conduct regular security drills to simulate various attack scenarios. Continuously review and refine response plans based on evolving threats, ensuring all stakeholders are prepared.
- Map Your Attack Surface: Create and maintain a comprehensive inventory of all public-facing applications and APIs to eliminate blind spots that attackers often exploit.
- Align Security with Business Objectives: Ensure security measures support key goals, such as seamless user experiences or faster performance. For instance, implement secure user validation techniques that balance speed and protection.
- Deploy Multi-Layered Security: Combine solutions like API protection, web application firewalls, and bot mitigation tools to address complex, multi-faceted attacks effectively.
- Monitor Anomalous Behavior: Continuously analyze user activity for suspicious patterns, such as repeated failed login attempts from diverse IP addresses, which may indicate credential stuffing or account takeover attempts.
- Strengthen Access Controls: Use robust authentication measures like multi-factor authentication (MFA) and dynamic token-based security to guard against unauthorized access.
- Invest in Real-Time Threat Management: Leverage tools that provide 24/7 monitoring and automated mitigation to quickly detect and neutralize threats without impacting legitimate traffic.
- Optimize for High-Traffic Events: Prepare for spikes in activity during critical periods like Black Friday by stress-testing systems and scaling security measures in advance.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, The Mainstream formerly known as CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, The Mainstream formerly known as CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK