web designing in kol...
Computer
Sam Crowther, Founder and CEO, Kasada talks about the significance of overcoming CAPTCHA Technology’s Challenges for effective cybersecurity and stopping bot attacks
Two of the most common questions I receive when talking about cybersecurity with friends and family who are not in the industry are “Can (insert technology, utility, or site here) be hacked?” and “How can bots get by a CAPTCHA?” My answers are always the same: anything that was built or engineered can be deconstructed or reverse engineered when there’s the correct motivation to do so. It can even be done to technologies that serve up random pictures of crosswalks or taxis and ask you to click the correct boxes.
This got me thinking a bit about the reliance of online businesses on various forms and generations of CAPTCHA technologies. Why do so many businesses still rely on CAPTCHA as a security tool? It’s been shown, again and again, that these tools are nothing more than speed bumps for motivated attackers.
Back when malicious bots were most often spam bots, CAPTCHAs were designed to prevent them from succeeding and using a business’ website to spread spam messages. And it worked. But then came motivated adversaries, CAPTCHA farms, and smarter AI. It didn’t take long for CAPTCHA challenges to become ineffective at stopping automation.
TODAY, BOTS ARE BEHIND AUTOMATED ATTACKS THAT STEAL INFORMATION, SCRAPE PRICES, COMMIT FRAUD, BLOCK LEGITIMATE CUSTOMERS FROM USING YOUR SITE, AND MORE.
Bot operators use the latest technologies to build workarounds and appear human to a website. CAPTCHAs are nothing more than the security equivalent of plausible deniability. What online businesses don’t know, can’t hurt them. Or so they think.
Customer Friction
That’s exactly what the problem is with CAPTCHAs, however. As an online business, you have no visibility into what bots or attacks have been stopped with CAPTCHAs and which have gotten through. By accepting the technology as the de-facto approach to stopping bots, you can look the other way and assume that it’s working.
CAPTCHAs slow down very few attackers in reality, but one thing they are successful at is frustrating paying customers. Customers look for a frictionless user experience, one that’s secure and efficient without delaying them from successfully completing a login, a signup or a transaction. CAPTCHAs are not efficient and can delay a transaction, often leading to either dropped customers, or customers that won’t return due to their dissatisfaction with the site.
Comments