After Black Friday – the date before Christmas when shoppers take to the internet to do their present shopping online – come the potential risks facing retailers on Cyber-Monday, November 30, say IT security figures.
Carl Leonard, Principal Security Analyst for Raytheon|Websense, believes retailers are behind the curve when it comes to cybersecurity awareness. He says: “The challenge of securing retail organisations is not just a UK problem but a global issue of retailers being underprepared for cyber-attacks. The busiest shopping periods of the year are upon us and retailers are quickly building up large repositories of customer data. They should seek to protect that and the reliability of their service.
“The threat of a DDoS attack is a key problem for retailers, given the amount of revenue they could stand to lose should their website be unavailable during a busy shopping period. With the large volume of stolen credit card details in circulation it would be wise for a retailer to have monitoring systems in place should cards be abused on their shopping site, even if that is done through a third-party provider.
“Should a retailer be breached it might not be so apparent to the shopper. While the retailer is working hard to rectify matters, the customer will often employ a fingers-crossed mentality assuming that the retailer has their house in order. They will continue to shop for a bargain hoping their bank will cover it should their credit card details be stolen.
“As reported by a recent survey it’s worrying to see that many people will use a website they know to have an issue, and in the future it will be interesting to see if banks will refuse to cover transactions where customers have knowingly continued to use their card on a compromised retail site.
“We recently surveyed security decision makers from UK businesses at the eCrime Congress event, and discovered that 35 per cent of respondents cannot afford investment in security solutions, while 31 per cent will only do so to meet legal compliance, and a further 31 per cent believe they’re protected against cyber-attacks but in fact aren’t using technology appropriate to combat data theft. 35 per cent of these organisations also told us they hadn’t carried out a risk assessment in over one month.
“With this in mind, the onus is firmly on retailers to invest in relevant and appropriate security solutions.”
Kirill Slavin, General Manager for the UK and Ireland at Kaspersky Lab, says it’s an immense opportunity for online retailers to drive sales and revenue at the most competitive time of year. Data suggests that the average retailer will benefit from – and have to cope with – a four-fold increase in sales compared to the average Festive shopping day. And while overall sales on Cyber-Monday may be lower than on Black Friday, data from 2014 shows that individual transaction values are higher. He says: “Unfortunately, all this makes the day irresistible to cyber-criminals.”
He urges retailers first and foremost to secure all customer data and financial transactions. A secure channel for financial transactions is critical for both retailers and customers. “Once compromised, this channel can be used by attackers to steal money and perpetrate fraud against the retailer and individual customers.
“Another significant threat to organisations that handle money online is malware. In 2014, Kaspersky Lab detected 22.9 million attacks using financial malware, targeting 2.7 million users worldwide. Such malware often finds its way in through online communications or emails. Online retailers need to educate employees, including those in customer service roles, on what to look out for and what action to take – such as never opening suspicious-looking emails or clicking on links in messages.
“Phishing is often regarded as targeted mainly at consumers, but financial phishing attacks against banks, payment systems and e-shops accounted for over a quarter (28.7 per cent) of all phishing attacks in 2014 – as attackers attempted to infiltrate networks through unsuspecting employees and gain access to customer data and money. And while a flood of enthusiastic and impatient shoppers is a good thing, you need to ensure your infrastructure can cope with the traffic storm. Data from 2014 revealed a surge in activity on Cyber-Monday between 19.00 and 22.00. Too many people trying to do the same thing at the same time on your website will result in a denial of service (DDoS) that can immobilize your site for quite some time. Make sure your infrastructure is backed by an appropriate business continuity plan in case the worst happens.”