Christmas is all but a distant memory for retailers but just around the corner is a string of important seasonal events that they need to prepare for. With Valentine’s Day, Easter, Mother’s Day and Father’s Day on the horizon, shoppers will be hitting the web in force in search of the perfect gift for loved ones.
During busier shopping periods, online retailers become even more susceptible to malicious threats – increased traffic indicates increased profit which only acts as a honey pot for cyber attackers, fraudsters and hackers.
These threats can do more than just lead to a reduction in sales and loss of revenue. They can also damage the image of the brand that has some under fire. Recent research from the Ponemon Institute identified that 88 percent of consumers distrust a website that crashes and 78 percent of consumers worry about a company’s security when a website is sluggish. This highlights the extent to which website performance influences perceptions.
Failing to protect your online presence from outside threats or allowing it to crash due to traffic overload is a critical error for e-tailers as a slow load or frequent downtime will erode consumer trust in a brand’s digital presence. Rebuilding this will be a costly and time consuming endeavour.
Technology issues may be the cause of poor website performance but this also might be caused by cyber threats. The following describes just a few of the threats that e-tailers should be aware of and outlines how they can act against them:
Site Overload
It’s obvious, but websites get much more traffic during seasonal shopping periods, which puts extra pressure on the website. If brands don’t test their sites to see if they can handle peak traffic, disaster can strike. The simple solution is to perform load testing in the run up to periods that are forecasted to be busier. By bombarding your site with traffic in a controlled environment, you can gauge how it will perform well in advance of the rush. This leaves enough time to tackle any urgent issues before it affects sales.
Funky Pigeon adopted this approach by choosing Neustar Load Testing to monitor its website performance end to end and discover instantly whether its slow-loading issue was on the home page, somewhere in the checkout process or when customers are personalizing their gifts. As John Symonds, IT Services Manager, Funky Pigeon explains: “We are 100% dependent on online revenues, particularly over the crucial annual peaks in trade: Christmas, Valentine’s Day, Mother’s Day and Father’s Day. There’s no room for slow page loads or site outages in this market.”
DNS Attacks
Have you ever tried to access a brands website only to find yourself on a completely different site all together? This is known as cache poisoning, aka DNS spoofing. Hackers hijack trusted websites in order to redirect customers to bogus pages where their logins, passwords and credit card numbers are siphoned off.
Solutions to combat this include digital signatures, which ensure that DNS responses are identical to those from your authoritative server, meaning you are protected against forged or manipulated data. Look for a managed DNS service with hardened security features—any good DNS protection provider will provide this at no extra cost. Also, non-open source resolvers (unlike BIND) are less prone to malware, viruses and attacks; and go for advanced security: permission levels, two-factor authentication and access control list (ACL) by IP to restrict access to DNS records.
Authentication Fraud
The Internet is the perfect feeding ground for fraudsters. It combines anonymity, reach and speed making it easy for those trying to use some else’s identify in order to make online purchases for free. Knowing whether purchase requests are legitimate or fraudulent could save your brand millions. With seasonal shopping events and increased trades it is natural that there will be an increase in activities like registering on shopping sites and applying online for credit. E-tailers need to have the ability to confirm instantly whether a request is legitimate or based on stolen or fictitious identities. Validating online purchasers’ information can be completed quickly and accurately using a reputable fraud detection and data validation service.
DDoS Attacks
DDoS attacks can often be carried out by competitors or political/social activists and can take three form:
- Volumetric Attacks, which saturate a site’s bandwidth with high-volume traffic (UDP floods, ICMP floods, and other spoofed-packet floods)
- Protocol attacks, which consume server resources or those of related communication equipment, like firewalls and load balancers (SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS)
- Application Layer Attacks—often masked as legitimate traffic, these more surgical attacks aim to crash the web server (Slowloris, zero-day attacks, Windows or open BSD vulnerabilities, and attacks that target Apache).
Alarmingly, hackers implementing DDoS attacks don’t need much to get up and running. They can be powered by cheap tools that are widely available online. These attacks are the easiest way to disable websites, often as a smokescreen whilst malware or a virus is installed. Recently there has been a rise in the number of attacks that have been followed-up with a ransom demand. Online brands should implement countermeasures with purpose-built DDoS protection—hybrid solutions are best, combining on-premises hardware and cloud-based traffic scrubbing.
Trust is key
In our always-on and always-connected world, the digital storefront of a brand, regardless of industry, may well be the first and only “touchpoint” a customer has with a company. During competitive seasonal shopping periods a brand’s marketing, IT and security roles should converge in order to deliver a safe, trusted and seamless customer experience. It is imperative that the leaders of these three groups have an ongoing, open and trusted dialog that points to the achievement of a shared goal. Failure to do so creates the real possibility that customer loyalty will be destroyed.
