CISO Perspective: Q1 2025 Threat Insights Report

Fastly’s Security Research Team has unique insight into security trends, attack vectors, and threat activity across the application security landscape. Drawing from trillions of requests across our global customer base, we can gather a real-time view into what’s materially impacting security teams in the context of larger trends.  

Each quarter, we summarize key findings and provide perspectives on what this means for the broader market and for you. The aim is to provide readers with insights to inform their own security program strategies, priorities, and practices. 

With the recent drop of our Q1 Threat Insights Report, I’ve set out to provide my perspective on the findings, and in particular, how they impact business from the broader lens of my role as CISO.

Below are my takes on the Q1 findings:

E-commerce attacks are growing

In reviewing the data, I was particularly interested in the growing divide between attacks in the E-commerce space and those in high tech. Though high tech saw 35% of all observed attacks across our research, this is still down from 54% a year ago (Q1 2024). 

In contrast, the E-Commerce space saw quite an increase compared to Q1 of 2024: Q1 2025 showed 31% of attacks, in comparison to 15% a year ago.

E-commerce provides attackers with more potential for short-term financial reward: these websites can be very lucrative targets for bad actors to steal sensitive data, disrupt operations, and even take over accounts. These activities can all be performed for profit or fraud. The potential gain of a successful attack makes E-commerce sites an attractive target, and is likely why we’re seeing an uptick in attacks. 

This demands a better look at security measures for the e-commerce space.  Implementation of bot protection can help to eliminate excessive abuse and misuse of application resources that power fraudulent activity: think account takeovers or DDoS attacks. Use of a WAF can help to detect and block malicious traffic and prevent costly compromises.

Supply chain attacks remain a very real threat for high-tech

Though attacks on high-tech, as a portion of overall attack traffic, have decreased since the same time period last year, this does not indicate an associated decline in threat. In absolute terms, the volume of attacks is similar to what we saw last year.  And high-tech orgs are a target for backdoor attacks in particular - through unauthorized points of entry into target systems, bad actors can bypass security measures and systems, effectively launching a software supply chain attack. 

High-tech remains a very attractive target thanks to the potential for downstream impacts after a successful attack: if a bad actor gains access to a high-tech org’s systems, attackers can access not only the target company but also any customers, partners, services, and vendors associated with them. A successful attack has great potential to yield an attacker's ever-growing access to those linked to the target company.

The Q1 report found that there was a significant percentage of backdoor attempts (15% of attacks) in the high-tech industry, with negligible numbers for different industries. This disproportionate use of backdoor attacks indicates a thirst for attackers to get a foothold in high-tech, with the aim of wreaking havoc throughout their supply chains. 

Tech companies will need to stay vigilant against these risks and be ready to respond if one of their vendors falls victim to one of these attacks, even as they respond to new and evolving threats.

Orgs still need to get a handle on bots

Interesting to me, too, was the prevalence of bot traffic: our Q1 report, using Fastly Bot Management data, found that 37% of all observed traffic originated from bots. That means more than ⅓ of traffic is from bots!

Of that 37%, we found that 89% were unwanted bots. This resulted in 33% of total traffic being unwanted: traffic that posed no business value, was potentially fraudulent, and imposed unnecessary (and avoidable) infrastructure strain, with ZERO added value. 

To put it in financial terms: this means that $1 in every $3 spent on infrastructure, bandwidth, or performance was very likely wasted.

Bots in E-commerce are a problem

Echoing the concerning increase in E-commerce attacks mentioned above, we looked at bot traffic by industry and found E-commerce sites to have the highest percentage of unwanted bot traffic across industries. As profitable targets for attacks, it makes sense that they were number one in our findings. 

Examining the breakdown of wanted and unwanted bot traffic by industry, E-commerce websites attract the largest proportion of unwanted bot traffic at 39%. This trend aligns with broader attack patterns highlighted above. The attractiveness of E-commerce sites for attacks demands that organizations consider bot management solutions to better protect against attacks.

CISO Recommendations

So what does this all mean for you? 

At Fastly, we are in the business of high tech. As the CISO, I take a broad view of my team’s responsibility: ultimately, we are here to protect our customers. That means, first and foremost, preventing supply chain risk to those customers, including prevention of backdoor web application attacks discussed in our report. 

Many of our customers are in the E-Commerce space. Our report shows they are now a primary target and need to understand that strong edge security is no longer optional.  

You can read more about our findings and steps you can take to better protect yourself in our Q1 Threat Insights Report.