The Truth About Bots That Your Business Can’t Ignore

By Stewart Boutcher is founding CTO and Data Lead at Beaconsoft Ltd

A report recently published by market research firm eMarketer shows digital ad spending in the UK is on course to grow by 0.3% in 2020, to reach a total of £15.8 million.

This growth has been driven largely by the pandemic and businesses taking advantage of the increased amount of time people are spending online, but what many do not realise is that a significant chunk of their digital marketing budget could be being wasted by so-called ‘bots’.

Bots are pieces of software that run automated tasks on the internet and are designed to remove the need for human interaction in every day operations.

It is estimated that half of all internet traffic is attributable to bots, many of which are carrying out useful tasks, such as the Google bot which gathers information about the content of websites for the Google search engine.

However, there are also malicious bots used by scammers to undercut deals, divert visitors or steal clicks from paid ads. These bots can account for a substantial portion of all traffic from paid digital ads (PPC and promoted social posts), often up to 30% and in some cases, in excess of 90%. Therefore, bots are increasingly becoming a reality that businesses simply cannot afford to ignore.

But who is responsible for these bad bots, what damage could they do to your business, and what can you do to minimise the risk?

Identifying the culprits

In most cases, bad bots are operated by cybercriminals, albeit for a variety of different reasons.

Usually, they are trying to obtain data that can then be used in fraudulent activity, steal money or divert assets, spread ‘fake news’, or conduct DOS attacks to hold businesses to ransom.

Sometimes, these cybercriminals act on behalf of companies willing to use dirty tactics to get an edge on the competition, or they will otherwise look to auction off the information they have obtained to the highest bidder.

In a 2018 report released by the National Strategic Assessment of Serious and Organised Crime, cybercrime – of which bad bots account for a significant proportion – was identified as one of the key threats to the UK’s prosperity.

The threat bots pose to your business

The financial and reputational damage that bad bots may inflict on your business could be vast and profound.

For example, ‘price scraping’ bots can gather and analyse product prices on your website which can they be used by your competitors to beat your prices online.

As content scraping bots are designed to steal and reuse website content elsewhere, your brand’s reputation could also be affected if content were allowed to be replicated.

Another type of bot, known as ‘credential cracking’ bots, can use brute force attacks to ascertain user credentials, potentially leading to accounts being locked out and financial fraud taking place.

Conversely, ‘account creation’ bots make free accounts that are then used to send spam and exploit promotions aimed at new users.

‘Denial of service’ bots have the capacity to deploy DOS attacks that can overwhelm or crash your website, preventing legitimate users from accessing it.

There are many other kinds of bad bots that cybercriminals could use against your business, but all of them have a clear purpose – taking away your hard-earned and well-deserved money, clients and reputation.

How to protect your business

It is clear that bad bots are a very real threat to your business, though there are steps that you can take to minimise their potential damage.

Properly setting up rules on your website’s robots.txt file – a file that lives on a web server and specifies the rules for any bots accessing the website – is the first thing that you should do to protect your business. Whilst this will not necessarily stop bad bots from getting onto your website, it could help overly aggressive crawlers – programs that systematically browse the web to create an index of data – from taking your website down.

Another way that you can minimise the risk of bots is through the use of Google’s reCAPTCA security service, which requires human input or other validation, such as email verification or texted one-time codes.

Web-based solutions, including firewalls, can prevent lots of threats from ever reaching your website, while identifying unusual traffic sources in your analytics or spikes in login attempts can both be tell-tale signs of bot activity.

Conclusion

These are all very basic things that you can do to provide your business with some added protection, but the severity of the threat for many companies means more must be done to keep them safe online.

The bot problem is of such significance that often a substantial amount of time and effort must be placed into tackling them, and this is why it is important to seek expert advice to properly assess the specific needs of your business.

As the digital marketing space continues to grow, businesses cannot make the mistake of underestimating the threat that bad bots pose to their future prosperity.