Incapsula surveyed 1,000 websites over a 90-day period, during which we recorded over 1.4 million unauthenticated access attempts and 20,376 authenticated logins.
Their data shows that 2.8% of the unauthenticated attempts were made by human visitors. This suggests that most of these should be attributed to “human error” (e.g., typing the wrong password) and to the initial one-time 2FA activation process.
The numbers also show that another 1.8% of the unauthenticated visits were made by benevolent bots (e.g., search engines, legitimate crawlers, RSS readers, etc.) whose numbers would certainly be much higher, if not for the common practice of blocking the login URLs using the robots.txt file.
The remaining 94.1% of the visits were made by malicious automated tools – the kinds that are used to discover and exploit password-related security holes. Simply put, this means that on average 15 of every 16 visitors to your login page have ill attentions in mind.
SOURCE: net-security.org
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…