According to PwC’s 2016 Holiday Outlook [1], this year’s holiday season spending is expected to reach its highest level since the recession, at least in the United States. In fact, spending in the U.S. is going to increase by 10% over the same period last year. The same report states that consumers are moving towards using mobile devices for holiday gift buying. This trend is great news for stores with an online presence – and for dedicated online operations – but it’s also good news for hackers.
The increasing use of mobile devices is a sort of canary in a coalmine – it’s a good barometer to indicate that online shopping continues to increase in popularity. In fact, online shopping is now the chosen method of getting that special gift in the run-up to the holidays – in a survey of over 1,900 consumers across the US and UK, Computop found 76 percent of consumers planned to shop online this holiday season [2].
This means that online retailers are going to have to be on top of their 2016 game when it comes to protecting data. Adding to the pressure, the Ponemon Institute estimates a minute of downtime costs organisations over $20,000 [3], and that’s during normal business periods. Multiply that by several orders of magnitude during peak buying periods and you begin to get an idea of just why online retailers are girding their electronic loins for cyber attack as we head towards the end of 2016.
So what are retailers doing?
Aside from simply hoping that they will not be the victims of a cyber attack (and hope isn’t really a strategy), many online retailers are rolling out innovations to help protect the data that they manage.
One of the most innovative methods is simply an old marketing trick made new – demographic analysis. In marketing, identifying your target audience is key to segmenting your marketing efforts. But in order to be successful you need to track who is using your products. Once you know that men aged between 18 and 35 are buying, you have your baseline.
Online retailers are using a similar ‘behavioural analysis’ model to spot anomalous network or application traffic, including potential cyber attacks. When a traffic type reaches an unusually high percentage of total traffic, the behavioural engines take a closer look and may trigger advanced security solutions that determine whether it is a cyber attack and block the unusual behaviour.
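The share-of-traffic check described above can be sketched as follows. This is an added example, not code from any product the article mentions; the baseline shares, the 3x ratio, the minimum request count and the sample events are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumed baseline: each traffic type's normal share of all requests.
BASELINE_SHARE = {"browse": 0.70, "search": 0.15, "cart": 0.10, "login": 0.05}
UNKNOWN_TYPE_SHARE = 0.01  # assumed expected share for a type with no baseline


def count_by_minute(events):
    """Group (epoch_seconds, traffic_type) events into per-minute counters."""
    buckets = defaultdict(Counter)
    for ts, kind in events:
        buckets[ts // 60][kind] += 1
    return buckets


def flag_anomalies(events, baseline=BASELINE_SHARE, ratio=3.0, min_requests=50):
    """Return (minute, type, share) where a type's share is >= ratio x its baseline.

    Minutes with fewer than min_requests are skipped: shares computed from a
    handful of requests swing widely and would only produce false alarms.
    """
    flagged = []
    for minute, counts in sorted(count_by_minute(events).items()):
        total = sum(counts.values())
        if total < min_requests:
            continue
        for kind, n in sorted(counts.items()):
            share = n / total
            if share >= ratio * baseline.get(kind, UNKNOWN_TYPE_SHARE):
                flagged.append((minute, kind, share))
    return flagged


def make_minute(minute, **counts):
    """Build constructed sample events for one minute."""
    return [(minute * 60 + i % 60, kind)
            for kind, n in counts.items() for i in range(n)]


# Constructed sample: a normal minute, a minute dominated by logins,
# and a near-empty minute that is too small to judge.
SAMPLE_EVENTS = (
    make_minute(0, browse=70, search=15, cart=10, login=5)
    + make_minute(1, browse=50, search=10, cart=10, login=130)
    + make_minute(2, login=3)
)

if __name__ == "__main__":
    for minute, kind, share in flag_anomalies(SAMPLE_EVENTS):
        print(f"minute {minute}: {kind} is {share:.0%} of traffic")
```

A flagged minute is only a trigger for closer inspection, as the article describes; the decision to block belongs to the downstream controls.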
Unfortunately for online retailers, not every cyber attack can be headed off at the pass in this way. Distributed Denial of Service (DDoS) attacks can be foiled in this way, but modern hackers often take pains not to reveal their activity through altered traffic patterns – they often use malicious scripts which exploit weaknesses in application coding. Fortunately, the latest Web Application Firewalls (WAFs) are significantly more advanced than older releases, which placed a huge reliance on identifying IP addresses as a means of finding out just where a cyber attack is coming from. Today, advanced WAFs use device fingerprints which combine dozens of user device attributes. Combining this with behavioural analysis makes it possible to develop a reputational profile of the user and potentially identify behaviour as anomalous – and perhaps malicious.
Why is this sort of analysis so important? Because of bots. The increasing use of bots by hackers to patrol the net looking for online vulnerabilities means that online retailers need to be more aware than ever before. Some experts maintain that most of the major security threats, such as application DDoS, brute force and SQL injection, are executed through botnets. Retailers are also interested in identifying bot activity because bots can severely overburden transactional processing capacity – not something that would be welcomed at any time, but especially unwelcome during the high-traffic holiday season.
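The difference between counting by IP address and counting by device fingerprint, as an added example that is not code from any WAF: the five attribute names, the threshold of 10 and the sample requests are constructed assumptions, and real products combine many more attributes.

```python
import hashlib
from collections import Counter, defaultdict

# Assumed attribute set used to build the fingerprint.
FINGERPRINT_FIELDS = ("user_agent", "accept_language", "screen", "timezone", "fonts_hash")


def device_fingerprint(attrs):
    """Hash a fixed, ordered set of device attributes into one identifier."""
    canonical = "\x1f".join(f"{f}={attrs.get(f, '')}" for f in FINGERPRINT_FIELDS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def profile(requests, threshold=10):
    """Compare per-IP counting with per-device counting over the same requests."""
    by_ip = Counter(r["ip"] for r in requests)
    by_fp = Counter()
    ips_per_fp = defaultdict(set)
    for r in requests:
        fp = device_fingerprint(r["device"])
        by_fp[fp] += 1
        ips_per_fp[fp].add(r["ip"])
    return {
        "ips_over_threshold": sorted(ip for ip, n in by_ip.items() if n > threshold),
        # Many requests from one device spread across many IPs is a strong
        # input to a reputational profile; it is invisible to per-IP counting.
        "devices_over_threshold": {
            fp: {"requests": n, "distinct_ips": len(ips_per_fp[fp])}
            for fp, n in by_fp.items() if n > threshold
        },
    }


# Constructed sample: one device seen from 40 different addresses, plus five
# ordinary shoppers with three requests each. Addresses use documentation ranges.
REPEAT_DEVICE = {"user_agent": "ExampleBrowser/1.0", "accept_language": "en-US",
                 "screen": "800x600", "timezone": "UTC", "fonts_hash": "a1"}


def build_sample():
    reqs = [{"ip": f"198.51.100.{i}", "device": REPEAT_DEVICE} for i in range(1, 41)]
    for s in range(5):
        shopper = dict(REPEAT_DEVICE, screen=f"19{s}0x1080", fonts_hash=f"f{s}")
        reqs += [{"ip": f"203.0.113.{s + 1}", "device": shopper}] * 3
    return reqs


if __name__ == "__main__":
    print(profile(build_sample()))
```

Fingerprint attributes are reported by the client, so the fingerprint works as one signal alongside behavioural analysis rather than as proof of identity.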
Evolving cyber attacks
One of the latest threats giving online retailers sleepless nights is the increasing reliance of a certain class of hacker on ransomware. In fact, according to a report by Proofpoint, there has been 600% growth in new ransomware families since December 2015 [4]. These types of cyber attacks use malware that denies access to data or systems unless the victim pays a ransom to the cybercriminal. Without access to files, data or entire systems, most organizations can’t function. Some victims pay the ransom and, if only a few systems are affected, the cost can be manageable. It seems almost inevitable that these sorts of cyber attacks will increase during the 2016 holiday season.
Online retailers are taking the threat extremely seriously. However, most are taking common sense approaches that reduce the potentially disruptive effects of cyber attacks based on ransomware. These steps include keeping plug-in software such as shopping carts up to date, making sure that web servers are not the sole repository for the website’s source code, data and security certificates (keeping this content in a source code revision tracking system ensures that a web server does not become a single point of failure) and replicating data files on a regular basis.
The landscape surrounding data privacy and security is an ever-changing one. In some ways it mirrors the natural world’s predator/prey relationships. As the predator (or in this case the hacker) increases its abilities, so must the prey evolve strategies to cope with new levels of threat. It seems that online retailers can only hope to fight a holding action at this point. However, solid planning, state-of-the-art software and firewalls and, perhaps most importantly, a deep well of professional human capital that has the experience and knowledge to deal with the latest threat levels provide the best hope of allowing customers to really have a joyous holiday season, and of allowing online retailers to avoid suffering both financial and reputational damage.
[4] http://www.proofpoint.com/sites/default/files/quarterly_threat_summary_apr-jun_2016.pdf