Impact and Mitigation Strategies of Malicious Bots in Business

Moderated by ActualTech Media’s Editorial Director, Keith Ward, our distinguished presenters, Joshua Haslett, Strategic Technology Partner Manager from Google Cloud, and Jim Downey, Cybersecurity Evangelist from F5, provided an extensive look into key topics from different aspects of the business from the board to leadership and operations to engineering.

From the board room perspective, the conversation took a firm stance on how best to factor in malicious bots as the board speaks with the executive staff about corporate governance and risk management. Joshua and Jim reinforced the reality that companies that depend on applications to engage with customers are at risk from malicious bots and other automated attacks.

These don’t represent just one risk, however. There are countless ways that criminals and unwanted actors can use bots to their advantage. Each technique employed by these bad actors can impact costs, revenue, customer experience, and brand reputation. Some attack examples covered include:

• Credential cracking
• Credential stuffing
• Scraping
• Carding
• Gift card fraud
• Loyalty program attacks

The presenters also discussed several approaches that an executive leadership team could take to successfully demonstrate to the board how they are making a difference with mitigations and compensating controls using their budgeted countermeasures. Joshua and Jim presented various methods leaders could utilize to spot the signs of active bots and measure the effectiveness of their bot-mitigating efforts. They also offered a very conclusive recommendation to engage in a proof of concept where effective bot-mitigation technology is run in monitor mode to help paint a clear picture of bot risk posture that can be shared with key stakeholders throughout the organization.

Regarding IT operations teams, here, the conversation begins to straddle the elements of technology, process, and staff. Joshua and Jim turn their attention to how best to harmonize revenue protection, cost control, and compliance adherence. During the conversation, the presenters reminded the Ops team to remember that, when presenting to the executive team and the board (or asked to do so), lead with the most impactful conclusions rather than jumping into the weeds. It’s also important to be prepared to drill into the data and justify your assumptions if asked any tough questions.

As the organization has its conversations about bot-related risk, one group of professionals that can find themselves furthest away from the board are the developers and security team teams. For this combined operations group, the key message from the presenters is to remember that it’s about meeting the need for strong bot mitigation without creating friction for legitimate users. Jim pointed out that there is no need to trade bot mitigation and customer experience. F5 has a bot management solution, F5 Distributed Cloud Bot Defense, that is highly effective at defending against malicious bots with near-zero false positives. Google Cloud and F5 make it possible to maintain safe, fast, and seamless user experiences.