Why is this sort of analysis so important? Well because of BOTS. The increasing use by hackers of BOTS to patrol the net to look for online vulnerabilities means that online retailers need to be more aware than ever before. Some experts maintain that most of the major security threats such as application DDoS, brute force, SQL injection are executed through botnets. Retailers are also interested in identifying BOT activity due to the fact that they can severely overburden transactional processing capacity – not something that would be welcomed at any time, but especially unwelcome during the high traffic holiday season.
Evolving cyber attacks
One of the latest threats giving online retailers sleepless nights is the increasing reliance of a certain class of hacker on ransomware. In fact, according to a report by Proofpoint there has been 600% growth in new ransomware families since December 20154. These types of cyber attacks use malware that denies access to data or systems unless the victim pays a ransom to the cybercriminal. Without access to files, data or entire systems, most organizations can’t function. Some victims pay the ransom and if only a few systems are affected, the cost can be manageable. It seems almost inevitable that these sorts of cyber attacks will increase during the 2016 holiday season.
Online retailers are taking the threat extremely seriously. However, most are taking common sense approaches that reduce the potentially disruptive effects of cyber attacks based on ransomware. These steps include keeping plug-in software such as shopping carts up to date. Making sure that web servers are not the sole repository for the website’s source code, data and security certificates (keeping this content in a source code revision tracking system ensures that a Web server does not become a single point of failure) and replicating data files on a regular basis.
The landscape surrounding data privacy and security is an ever changing one. In some ways it mirrors the natural world’s predator / prey relationships. As the predator (or in this case the hacker) increases its abilities so must the prey also evolve strategies to cope with new levels of threat. It seems that online retailers can only hope to fight a holding action at this point. However, solid planning, state of the art software and firewalls and perhaps most importantly a deep well of professional human capital that has the experience and knowledge to deal with the latest threat levels provide the best hope of allowing customers to really have a joyous holiday season. And for online retailers to avoid suffering both financial and reputational damage.
4 http:// www.proofpoint.com/sites/default/files/quarterly_threat_summary_apr-jun_2016.pdf