For anyone thinking that global e-commerce is largely free of widespread and persistent hacker threats, consider the following: Chinese e-commerce giant Alibaba says that it intercepted 2.2 billion cyber attacks on a single day – November 11, 2019. That day, of course, is Singles Day in China, which has become the biggest annual online shopping event, along the lines of Black Friday or Cyber Monday in the United States. In order to deal with these 2.2 billion cyber attacks, Alibaba says that it deployed more than 3,000 security specialists and 1,258 algorithmic models, which worked around the clock for 24 hours.
The Alibaba threat matrix
According to Jessie Zheng, Chief Risk Officer at Alibaba, the 2.2 billion cyber attacks on Singles Day included several broad classes of threats, including counterfeit goods, abnormal transactions and malicious complaints. The 2.2 billion cyber attacks in the 24-hour period also included network traffic attacks, brute force hacker attacks and unfair scalping by buyers. Thus, the Alibaba threat matrix is much more complex than just distributed denial of service (DDoS) attacks, or other routine cyber threats that can be dealt with fairly easily. That might explain why Alibaba deployed a team of both humans and machines to deal with the unprecedented wave of attacks.
And, in fact, Alibaba Group says that it thwarts 300 million hacking attempts per day. By way of comparison, then, the Singles Day cyber attacks represent approximately a sevenfold increase in the number of cyber attacks faced by the company on a daily basis. The good news is that Alibaba has been remarkably proficient in detecting and mitigating these threats. At the Forbes Global CEO Conference in Singapore, for example, Alibaba founder Jack Ma said that Alipay processes more than $50 billion in daily transactions, but has thus far “yet to lose one cent to hackers.” That’s an impressive feat, given that Alipay reportedly has 1 billion users worldwide.
And Alibaba has dealt with plenty of massive cyber attacks even before the unprecedented wave of hack attempts that hit the company on Singles Day. Back in February 2019, the company successfully fended off a huge attack on its Taobao e-commerce site, in which over 20 million users were impacted by the cyber threat.
Alibaba and artificial intelligence
So what’s the secret to Alibaba Group being able to deal with massive and persistent cyber threats on a daily basis? One key, says Jack Ma, is the firm’s reliance on artificial intelligence (AI) and machine learning algorithms to spot abnormal patterns and irregular transactions. In fact, Alibaba is so proud of its AI algorithms that it refers to AI as “Alibaba Intelligence.” As Ma also noted at the Forbes Global CEO event in Singapore (where he was picking up a Forbes lifetime achievement award), machines are superior to humans in using logic to thwart malicious online behavior. Alibaba’s algorithms may not be 100% perfect in spotting malicious activity, but they are able to recognize more than 1 million ways of cheating. That’s an impressive figure, especially given that the average e-commerce consumer might only be able to name a handful of different ways of cheating online.
One reason the AI algorithms are so successful, says Ma, is that they have been trained only to respond to the facts, and not to let emotions, biases, or contextual suppositions take over. At the end of the day, says Ma, “A machine only cares whether you do good things or bad things.” Ma says he now finds it easier to trust machines than to trust humans to protect the company, simply due to how effective they are at spotting cyber risks.
Customer data and the cyber threat matrix
However, the ability of an e-commerce giant like Alibaba to successfully fend off 300 million cyber hacks per day is based on the company’s willingness to use as much of your customer data as it can to help train the AI algorithms. The more data that machines have to learn from, the better they will be at learning about the cyber threats out there. Over time, they will be able to anticipate new threats, even when they have not yet seen those cyber threats online.
That raises an interesting question: How much of your personal data do you want to hand over to e-commerce players in exchange for a secure shopping experience? Do you want to give these companies full access to your transaction history, so that data mining programs can go to work on all this data? Do you want personally identifiable information from your shopping profile – such as physical address or IP address – to be used in these AI models of cyber risk?
In the United States, the closest example to Alibaba is probably Amazon, the biggest U.S. e-retailer. But how many people would want to share their personal e-commerce data with Amazon, knowing that this huge tech giant already has access to so much of their other personal data via other sources? At a time when many people are justifiably concerned about their Amazon Echo devices “eavesdropping” on their conversations, and when companies like Amazon and Facebook are routinely brought up as examples of companies that are running roughshod over personal data, how much do you trust them to protect and safeguard your data?
In many ways, then, the Alibaba Singles Day case study boils down to a question of security vs. privacy. In the U.S. marketplace, privacy is viewed as a much higher priority than security. But in the Chinese context, security is viewed as a much higher priority than personal privacy. Thus, any e-commerce company will have to make a choice in how it will balance the conflicting priorities of security and privacy, especially as it embraces new trends in artificial intelligence.
Transparency on the Singles Day cyber attacks
The Alibaba case study of the Singles Day hacking spree involving 2.2 billion cyber attacks also illustrates another important trend within the world of cybersecurity – a new willingness by top companies to embrace transparency when describing their cybersecurity initiatives. In the past, companies might have been cautious about divulging the facts of massive cyber attacks. After all, wouldn’t consumers be scared away from using your platform if they knew that 2.2 billion cyber attacks just occurred on Singles Day?
But Alibaba is proof that the market wants and demands greater transparency about cyber risk. And, for that reason, Alibaba should be applauded for being so open about the scope, size and nature of the cyber threats that it is facing each day. The Singles Day hacking spree might be an anomaly in terms of size and scope, but the company has obviously put into place the types of defenses and safeguards that help to insulate it from cyber risk, regardless of how aggressive global hackers become.