Cybersecurity Failures Can Make Black Friday a Nightmare
Last year it was reported that UK consumers spent over £1 billion for the first time over the Black Friday weekend; this was a 35 per cent increase on the previous year. Increased online spending, however, also means greater opportunity for criminals, and with cyberattacks becoming ever more frequent we all need to be careful and keep our personal information secure.
Consumers face a whole range of online risks and threats, for example email phishing scams and fake promotional deals on social media sites. Clearly consumers need to take reasonable precautions: keeping passwords safe, not clicking on unsolicited links, and following the usual advice around internet safety to avoid scams and to avoid unintentionally compromising their internet-connected devices.
Advice around changing passwords and using strong passwords has been stated repeatedly and yet all too often is ignored, as is advice on not clicking on links in emails from unknown sources. As Black Friday approaches, there is no better time for consumers to heed the advice.
On the retailer side, the threat cannot be overstated. Cyberattacks in other industries highlight the threat to the reputation of consumer-facing companies from network breaches and the resulting loss of data. Telecoms company TalkTalk was recently fined a record £400,000 by the Information Commissioner’s Office (ICO) following a breach of its network in 2015 caused by failures to put proper security measures in place. TalkTalk saw a high initial rate of customer churn following the attack, underscoring the fact that failing to keep data safe can have a huge effect on consumer trust.
Last year it was reported that a man was arrested after trying to obtain customer details from Tesco, which led police to advise Black Friday shoppers to use different passwords and to change their existing passwords. With cybercrime costing the UK economy billions per year, the retail industry is at particularly significant risk given the huge presence many leading retailers have online. These are not isolated incidents; cybercrime is a real and increasing threat.
Clearly whilst consumers must take responsibility for ensuring they keep their data safe and secure, so too must retailers, especially over the Black Friday and Cyber Monday period when the opportunities for criminal profiteering will be greatest. The threats include activity such as distributed denial of service (DDoS) attacks, which need to be front of mind for all CIOs and CISOs and the wider IT teams all the time, but even more so at this vitally important time of year.
Recent large, high-profile DDoS attacks have crippled many different businesses. The key to effective DDoS mitigation lies in separating incoming traffic into known human traffic and bot-generated traffic. This is achieved by utilising threat intelligence and detection tools to distinguish legitimate traffic from bad traffic. Best practices for DDoS mitigation include employing anti-DDoS technology and having an emergency response plan.
Retailers also face a significant threat from malware increasingly embedded in encrypted SSL connections, and as such inspecting encrypted traffic should be a top priority. WhatsApp has led the charge to encryption, moving its traffic to the secure sockets layer (SSL) and encrypting the link between users so data can’t be stolen or changed. It’s expected that around 70 per cent of all internet traffic will be encrypted by the end of this year.
This upsurge in the use of encryption has made it far easier for criminals to hide malware from security systems. As a result, many companies are now wide open to attack. Most legacy solutions designed before the encryption boom simply cannot detect encrypted threats. Traffic visibility has become essential to effective security. Businesses must ensure they have powerful SSL inspection tools in place to analyse all traffic passing through the network. Only then can they ensure that hidden malware is found and kept out.
As many of us know, soft targets will be hit first, so security needn’t always be perfect. Security needs to be robust enough to ensure those intent on carrying out criminal activity choose another route; by that I mean they find a softer target. Banks are a great example of this. They have built defences which can theoretically be breached, but they are increasingly left alone by hackers because they have made the hurdles too high to jump over to get in. Retailers need to do the same.
In conclusion, Black Friday represents both a huge opportunity and a huge threat for an industry like retail. There are, however, many solutions out there that can help IT systems cope with the demands placed on them by the increased volume of online traffic over the sales frenzy that is Black Friday and Cyber Monday. Ensuring systems are up to date and optimised will help retailers realise the huge opportunities the pre-Christmas sales period offers, whilst ensuring cyber criminals can’t ruin the period by hacking the company and destroying its reputation.