It’s a busy time of year for retailers: what with Christmas, Black Friday and New Year sales, the spend in Q4 becomes stratospheric. Online shopping continues to account for a major slice of this. In the UK last year, consumer spend on online purchases hit £810 million during Black Friday, and then a further £720 million on the following Monday, known as Cyber Monday. This year, online sales during the 24-hour period are expected to surpass £1 billion for the first time in UK history.
Although digital brands are under daily threat of possible breaches, hacks and spoofs, those threats are heightened during Cyber Monday because so many more shoppers interact with online shopping sites. As the potential for profits increases, so does the risk from cyber attackers, fraudsters and hackers. But it’s not just possible loss of revenue from attacks that etailers need to be worried about. According to recent research from the Ponemon Institute, website performance influences perceptions about security to the point where 88 percent of consumers distrust websites that crash and 78 percent of consumers worry about a company’s security when a website is sluggish. Websites that are slow to load or have frequent downtime erode consumer trust in a brand’s digital presence, and the cost of rebuilding it is extremely high.
Poor website performance might be caused by technology issues, but it might also be caused by cyber threats, and etailers need to be aware of what might hit them:
DNS Attacks
Cache poisoning, aka DNS spoofing, plants forged records in a DNS resolver’s cache, so customers who try to access a brand’s website get hijacked to bogus pages where their logins, passwords and credit card numbers are siphoned off.
Countermeasures include digital signatures that ensure that DNS responses are identical to those from your authoritative server, so you are protected against forged or manipulated data. Look for a managed DNS service with hardened security features; the best should provide DNS protection at no extra cost. Also, non-open source resolvers (unlike BIND) are less prone to malware, viruses and attacks. Go for advanced security too: permission levels, two-factor authentication and an access control list (ACL) by IP to restrict access to DNS records.
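The three access controls named above (permission levels, two-factor authentication and an ACL by IP) only protect DNS records if every change request has to pass all of them. The Python below is an added example, not code from the article's author or from any DNS provider; the role names, the policy table and the documentation-range networks are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed permission levels, lowest to highest (hypothetical names).
LEVELS = {"viewer": 0, "editor": 1, "admin": 2}

# Assumed minimum level per action on a DNS record (hypothetical policy).
REQUIRED_LEVEL = {"read": "viewer", "update": "editor", "delete": "admin"}

# Constructed ACL: documentation-range networks standing in for office/VPN egress.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]


@dataclass
class Request:
    user_level: str
    action: str
    source_ip: str
    mfa_verified: bool


def source_allowed(source_ip: str) -> bool:
    """True only if the address parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: deny
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps, so an allowed IPv4
    # client arriving through a dual-stack front end is matched correctly.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED_NETWORKS)


def authorize(req: Request) -> tuple[bool, str]:
    """Deny by default; every control must pass. Returns (allowed, reason)."""
    if not source_allowed(req.source_ip):
        return False, "source IP not in ACL"
    if req.action not in REQUIRED_LEVEL or req.user_level not in LEVELS:
        return False, "unknown action or permission level"
    if LEVELS[req.user_level] < LEVELS[REQUIRED_LEVEL[req.action]]:
        return False, "insufficient permission level"
    # Assumption: reads are allowed without a second factor, changes are not.
    if req.action != "read" and not req.mfa_verified:
        return False, "two-factor authentication required"
    return True, "ok"
```

Logging the returned reason for every denied request gives the security team a record of who tried to change which record from where.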
DDoS Attacks
Disturbingly, DDoS attacks are powered by cheap tools that are openly sold online and are the easiest way to disable websites, often as a smokescreen whilst malware or a virus is installed. Increasingly, they are being followed up with a ransom demand. This type of attack is often carried out by competitors or political/social activists and includes volumetric attacks, which saturate a site’s bandwidth with high-volume traffic (UDP floods, ICMP floods, and other spoofed-packet floods); protocol attacks, which consume server resources or those of related communication equipment, like firewalls and load balancers (SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS); and application layer attacks, which are often masked as legitimate traffic and are more surgical, aiming to crash the web server (Slowloris, zero-day attacks, Windows or OpenBSD vulnerabilities, and attacks that target Apache).
Online brands should implement countermeasures with purpose-built DDoS protection—hybrid solutions are best, combining on-premises hardware and cloud-based traffic scrubbing.
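Each of the three categories above shows up in different telemetry, which matters when deciding whether an incident needs upstream scrubbing, connection-state protection or web-server tuning. The Python below is an added example, not part of the original article; the field names, thresholds and sample values are constructed assumptions to be replaced with your own baseline.

```python
from dataclasses import dataclass

# Assumed thresholds for this illustration; tune them to your own baseline.
LINK_CAPACITY_MBPS = 1000   # assumed uplink size
SATURATION_RATIO = 0.8      # inbound above 80% of the link counts as saturating
HALF_OPEN_LIMIT = 5000      # half-open TCP connections on the listener
SLOW_REQ_SECONDS = 30       # request headers still incomplete after this long
SLOW_REQ_LIMIT = 200        # such connections held open at once


@dataclass
class Sample:
    """One monitoring interval at the network edge (constructed field names)."""
    inbound_mbps: float
    udp_icmp_share: float    # fraction of inbound bytes that is UDP or ICMP
    half_open_tcp: int       # SYN received, handshake never completed
    incomplete_http: list    # ages in seconds of requests with unfinished headers


def triage(s: Sample) -> list:
    """Return the categories from the article that this interval matches."""
    hits = []
    # Volumetric: the link itself is filling, mostly with connectionless traffic.
    if (s.inbound_mbps >= SATURATION_RATIO * LINK_CAPACITY_MBPS
            and s.udp_icmp_share >= 0.5):
        hits.append("volumetric")
    # Protocol: state tables fill with handshakes that never complete (SYN flood).
    if s.half_open_tcp >= HALF_OPEN_LIMIT:
        hits.append("protocol")
    # Application layer: little bandwidth, but many requests kept open with
    # headers that never finish, the Slowloris pattern.
    slow = sum(1 for age in s.incomplete_http if age >= SLOW_REQ_SECONDS)
    if slow >= SLOW_REQ_LIMIT:
        hits.append("application-layer")
    return hits or ["no match"]


# Constructed samples, one per situation.
QUIET = Sample(120, 0.05, 40, [1, 2, 3])
UDP_FLOOD = Sample(950, 0.92, 60, [])
SYN_FLOOD = Sample(300, 0.02, 18000, [])
SLOW_HTTP = Sample(90, 0.03, 35, [45] * 250 + [2] * 20)
MIXED = Sample(900, 0.80, 9000, [])
```

An interval such as `MIXED` that matches more than one category is worth escalating, since the article notes that a flood is often a smokescreen for something else.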
Site Overload
It’s obvious, but websites get much more traffic during Q4 and if brands don’t test their sites to see if they can handle peak traffic, disaster can strike. This is easily solved by load testing during the run-up to Christmas. By bombarding your site with traffic in a controlled environment, you can gauge how it will perform on Black Friday, Cyber Monday, or any day in early December. Well in advance of the rush, you can tackle any urgent issues.
Authentication Fraud
The Internet combines anonymity, reach and speed, so it is perfectly suited for fraudsters who are trying to use someone else’s identity to make online purchases. Knowing whether purchase requests are legitimate or fraudulent could save your brand millions. As Black Friday, Cyber Monday and the Christmas shopping season approach, there’s an increase in activities like registering on shopping sites and applying online for credit. Etailers need to confirm on the spot whether a request is legitimate or based on stolen or fictitious identities. They can do this by quickly and accurately validating online purchasers’ information using a reputable fraud detection and data validation service.
Be a Trusted Online Brand
In today’s world of cybercrime, a slick looking website is not enough. As consumers spend more time online, especially around the late November through December Christmas shopping season, it’s crucial to be a trusted digital brand and if online marketing, IT and security are not integrated, brands face the real possibility of destroying customer loyalty.
By Margee Abrams, Director of IT Security Services Product Marketing at Neustar.