As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this newly exposed attack surface. By using botnets, they can dramatically increase the reach and effectiveness of their attacks. As with many new technologies, security is lagging behind.
The problem is that companies must be strategic about where they spend their security money, says John Carey, managing director in the technology practice at AArete, a management consulting firm. Investments in anti-bot technology are usually invisible to customers. “Tools and skills are in demand and increasingly expensive,” he says. “Similarly, the threat landscape is expanding, as it’s a lucrative crime area.”