When it comes to web traffic, 79% of CISOs can't tell the difference between humans and bots

Bots make up more than half of the traffic on the internet, according to a new Radware report.

Video: Why your company is vulnerable to AI-powered bots Twitter is flooded with bots, and Facebook is rife with fake news. Edward Roberts of Distil Networks explains how bots work and the best ways to defend your company from automated cyber-attacks.

Bots are now responsible for 52% of all internet traffic flow, according to a new survey from security firm Radware. This creates a blatant blind spot for IT security teams, as 79% of CISOs and other security leaders said they can't tell for certain if web traffic comes from humans or bots, the report found.

The survey, conducted by Ponemon Research on behalf of Radware, included responses from more than 600 CISOs and other security leaders across retail, healthcare, and financial services in six continents.

Bots are particularly troublesome for online retailers, as these companies use bots for price aggregation sites, electronic couponing, customer service, and more. Some 41% of retailers reported that more than 75% of their traffic comes from bots—yet 40% said they still cannot distinguish between good bots and malicious bots. Malicious bots pose a risk to the retail industry, as web scraping attacks can steal intellectual property, undercut prices, hold mass inventory in limbo, and buyout inventory to resell goods through unauthorized markets, the report noted.

SEE: Information security incident reporting policy (Tech Pro Research)

Healthcare is also plagued by bots: 42% of healthcare traffic is from bots, and only 20% of IT security leaders said they were certain they could identify malicious ones.

Along with bots, 45% of companies surveyed reported experiencing a data breach in the last year, and 68% said they are not confident that they can keep corporate data safe. Many companies also fail to adequately protect sensitive data: 52% said they do not inspect the traffic that they transfer to and from APIs, and 56% said they do not have the ability to track data once it leaves the company.

While more companies are adopting DevOps, application security still remains an afterthought, the survey found. Half of respondents said they currently use the continuous delivery of application services, and another 21% plan to adopt it within the next 12-24 months. However, 62% said they believe this method increases the attack surface, and about half said that they do not integrate security into their continuous delivery process.

"It's alarming that executives at organizations with sensitive data from millions of consumers collectively don't feel confident in their security," said Carl Herberger, vice president of security solutions at Radware. "They know the risks, but blind spots continue to pose a threat. Until companies get a handle on where their vulnerabilities are and take steps to protect them, major attacks and data breaches will continue to make headlines."

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • 52% of all internet traffic is conducted by bots. -Radware, 2017
  • 79% of CISOs and other security leaders said they can't tell for certain if web traffic comes from humans or bots. -Radware, 2017
  • 45% of companies surveyed reported experiencing a data breach in the last year. -Radware, 2017
Image: iStockphoto/Zapp2Photo

Also see

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.