Holiday shopping is officially in full swing, and online holiday sales are expected to grow 12% this year – which would bring the total retail eCommerce holiday sales in the US alone to over $200 billion.

Online holiday sales are expected to grow 12% this year – bringing the total retail eCommerce sales in the US to over $200B.
Holiday shopping is officially in full swing, and online holiday sales are expected to grow 12% this year – which would bring the total retail eCommerce holiday sales in the US alone to over $200 billion.


The "block all bots" era is over. Read our breakdown of Forrester's latest research on why marketing and security must join forces to survive the new wave of AI agents.

KasadaIQ analyst commentary on the threat environment
Source: eMarketer Industry Insights – Holiday Preparedness, 2021
As an online provider, you’ve followed the eCommerce holiday readiness tips and been prepared for months. You’ve optimized your digital experience to achieve the best conversion rates across all channels, you’ve configured your CDN for maximum offload, and you may have even locked down your site to decrease the potential for things to go wrong. Now all hands are on deck to manage the spike in holiday traffic.
However, if the pandemic has taught us one thing, it’s that you’re ready, ‘til you’re not.
The pandemic-driven everything shortage has led to a number of cascading problems that make the online shopping experience much different for consumers and more complex for online providers this year.
In reality, “anything that doesn’t make it onto shelves could be a beacon for the bots,” as Forrester asserts in a recent article.
What this means is more eCommerce providers and retailers than ever before will be subject to scalper bots, or “grinch bots”, even if they aren’t selling the most in-demand electronics or sneakers, and they may learn the hard way what it really takes to be ready for these bad bots.
It seems like every day there’s a new shortage to add to the list as a result of the current supply chain crisis. In turn, we are experiencing major supply and demand issues in physical and online stores, not just for typical in-demand items, such as the PS5, but for everyday household items as well.

Bot operators thrive on supply and demand challenges. They take advantage of a low or limited supply to profit by reselling merchandise and services on various secondary markets with a high markup.
Fraudsters have been busy gearing up for this holiday season by stealing and testing login credentials, creating and aging user accounts, reverse engineering your defenses, and using your lockdown environment as a playground to see what works and what doesn’t.
At first, you may not know or care if bots scoop up your inventory. However, scalper bots used to scan infrastructure for product availability can increase a given retailer’s traffic by up to 10X, which cuts into margins, as it is expensive to process large magnitudes of non-human traffic. Some of our customers claim they actually lost money selling their in-demand products because the cost to process bot traffic eats away at their operating profit.

In our customer example above, only 19% of the requests are from legitimate users. This major retailer had no idea there were so many bad bots in their traffic. When the bad bots aren’t detected and stopped, you have skewed metrics and pay for it in your hosting platform monthly bill. This illustrates the invisible, yet very real, impact of bad bots.
Online providers’ security defenses and checkout processes don’t work as well as they should against automated threats, as evidenced by grinch bots’ inventory hoarding and denial of inventory attacks that we’ve encountered during previous holiday seasons.
Even organizations that have taken steps to mitigate bots are vulnerable to scalpers due to efficacy issues with their current anti-bot solutions. Our 2021 State of Bot Mitigation report found that 85% of companies say their bot management solution lost its efficacy after just one year, and 76% say they are either playing a game of cat and mouse with attackers or feel like bot mitigation has become an impossible balancing act. This is because sneaker bot builders are some of the most intelligent, motivated, and collaborative in the industry. Years of innovation and learnings used to secure inventory during sneaker hype sales are now applied towards any enterprise application that can help them gain an unfair advantage to profit.
For the most proactive organizations deploying specialized anti-bot systems, our experience tells us that 30-90% of the bad bots that should be stopped, simply aren’t. Bot operators have evolved their methods beyond what traditional architectures are able to detect and stop. Subsequently, all of the work you’ve done to optimize your user experience and CDN controls will be for naught because processing a massive amount of bot traffic results in infrastructure strain and latency. Clearly, this leads to an unacceptable customer experience, and it is exacerbated by false positives, false negatives, and ineffective traditional methods, such as CAPTCHAs. Together, these consequences harm your reputation, brand, and bottom line.

Bots also pose a serious risk to the valuable web metrics you collect and analyze during the holiday season. Heightened bot traffic skews your analytics, making it impossible to gain a true understanding of how your holiday promotions are performing, which can improperly inform future business decisions.
Here are four essential steps to help you prevent bot attacks on your website, mobile apps, and APIs, along with questions to ask and quick tips, this holiday shopping season.
Step 1. Understand the unique bot threats and risks to your business.
Step 2. Remove bad bots to uncover insights into your web traffic.
Step 3. Prioritize your customer experience, conversion rates, and revenue generation.
Step 4. Continue to expect the unexpected.

As a retailer or eCommerce provider, it’s more important than ever to protect your profits against automated attacks — especially if you’re experiencing efficacy issues with your current solution or have never had to contend with grinch bots before.
Unfortunately, the everything shortage is not going to magically end after the holidays. Our current supply chain difficulties will likely extend well into 2022 and beyond.
If you’re not effectively addressing bots this holiday shopping season, then you are at a disadvantage against motivated adversaries and competition.
It’s not too late to strengthen your defenses against automated threats for the holidays.
If you’re not sure if bad bots are a problem for your company, you can quickly test your site here to see which bot threats you’re unable to detect and stop.
Either way, we’d love to show you what we’re seeing as we protect $20B in eCommerce revenue from some of the most complex bots – the same ones that are hitting your digital channels.
With a modern approach that stops new bots never seen before and without all of the configuration and maintenance headaches that come with solutions that rely on outdated architectures, we help defend against automated threats, providing a more secure and seamless online shopping experience for your customers.
If you need immediate assistance with stopping bot attacks, we’re here to help. We deploy in under 30 minutes, integrate seamlessly with any CDN, provide immediate time-to-value against new bots never seen before, and offer quick POCs and emergency deployments.