We need to talk about chatbots
Digital transformation strategies open up plenty of opportunity for communications service providers (CSPs) to combine security in their offering. That’s the view of Andrew Foxcroft, Radware’s regional director for the UK, Ireland and the Nordics.
Digital transformation is the project of our time. Never has the telecoms infrastructure been so critical to serving the customer and keeping a business running. Utilities and service sectors are investing in artificial intelligence and developing chatbots to give customers more options for getting help online, and financial services companies are investing heavily in mobile payment models.
The retail sector is probably one of the most exciting industries to watch transform. More and more retail assistants have mobile devices to help with stock queries and queue busting, while the use of bots online is on the up –in everything from electronic couponing to price aggregation. Today, 40% of retailers say that three quarters of all their internet traffic is from bots.
Despite their seemingly helpful nature, bots are proving to be a challenge for CIOs. On one hand, the use of bots is an exciting development in improving customer service and business efficiency. On the other, they are often being abused and malicious bots are causing a real headache for CIOs.
Web scraping attacks plague retailers by stealing intellectual property, undercutting prices and holding mass inventory in limbo. There’s also a trend for sneaker bots, which are designed to buy up the full inventory of exclusive limited edition trainers to sell through unauthorised channels at a mark-up.
It’s not limited to sportswear either. Airline and concert tickets have fallen foul as well. But despite the knowledge this is going on, 40% of retailers are unable to identify bad bots.
The use of applications to improve agility is also a cause for concern. Around half are being developed using continuous delivery models but it’s a model that recognised as flawed – almost two thirds of senior IT directors think it introduces too much risk, not least because security is omitted from the process in half of all app development. It’s an afterthought.
Plus, the application programme interfaces (APIs) used by the apps aren’t encrypting data, even that which includes very personal information and payment details. In fact, only 48% of companies are inspecting the data that is being transferred between APIs and 51% don’t do any security audits or analyse potential security vulnerabilities before launch.
Of course, the other big shift we’ve seen in retail in recent years is the importance of Black Friday as a kickstarter for Christmas. The trading results for Christmas will be hotly anticipated and keeping on top of threats and preventing any outage will be a contributing factor to success. CIOs know they are in the firing line should transactions fail.
It places a huge amount of pressure on the telco sector to ensure online sites are always available. But it’s a battle it appears to be losing as 51% of retailers don’t think they can keep applications up and running 100% of the time.
What’s more, busy periods really test security measures and 30% of retailers admit they can’t be sure they can secure sensitive data during peak trading times.
In the past, everyone would worry about denial of service attacks. That’s not to say that they have gone away, far from it, but it would appear that the retail sector is finding that they are relatively straightforward to detect and manage compared to the new age of apps and bots. As the landscape has become complex so too has the ability to manage risk.
However, a gap is beginning to develop between public concern over the security of personal data and companies’ ability to ensure this data is safe while offering new services. Businesses need to take responsibility and overcome the challenges – but they also need help.
They need advice that will help them put in place plans that keep services available and secure every second of the day. They will be looking to vendors and the CSPs – especially those that can provide both the infrastructure and security – to provide answers, and they will be expecting the answers fast.
The author of this blog is Andrew Foxcroft, Radware’s regional director for the UK, Ireland and the Nordics.
Comment on this article below or via Twitter: @VanillaPlus