Black Friday marks the unofficial start of the in-store holiday shopping season, and on December 1, consumers across the United States will hit the Internet in search of great deals, spending over $1 billion on holiday gifts. Forrester projects that ecommerce will generate $89 billion between November and December — a 13 percent growth over the same time period in 2013.
As retailers prepare for the major surge in web traffic on Cyber Monday, cybercriminals are also busy planning their next attack. A single DDoS attack on the busiest online shopping day of the year can cripple sales impact revenue catastrophically, not to mention consumer trust in the brand. On average, a DDoS attack can cost retailers between $50K and $100K per hour. On one of the busiest online shopping days of the year, that number could soar, potentially costing retailers many thousands of dollars per minute.
Featured Download: Social media access at work. Do your employees know the rules?
However, its not only the financial loss that can be damaging. An attack also degrades consumer trust, with consumers turning to competitors to fulfill their shopping needs. The key for retailers to protect themselves across the board – their online domain, their revenue and their brand – is sometimes zen-like. Brands must be able to outperform their competitors with better protection, thereby reducing the return on investment by attackers. It’s like the old adage: if both of us are faced with an angry bear, I don’t have to outrun it; I only have to outrun you!
Cyber criminals will continue to search for the easiest target, making security strategies and protection more important than ever.
– Understand the warning signs. There is no substitute for preparation. Make sure you have systems in place to detect attacks early on, and have plans in place to deal with the attacks before they overwhelm you and put you out of business. This will help you reduce the risk of loss on days like Cyber Monday. More intense attacks are on the rise, and data theft makes DDoS attacks even more dangerous. DDoS attackers no longer stop at causing site outages. Increasingly, cybercriminals are now using DDoS attacks for “smokescreening,” distracting IT staff while inserting malware to breach bank accounts and customer data. In 2013, over 50 percent of companies hit by DDoS attacks suffered theft of funds, customer data or intellectual property. Additionally, many attacks are now lacking ransom notes or socio-political ultimatums, indicating a hidden agenda.
– Develop a DDoS mitigation plan. Assign responsibilities during a DDoS emergency. By dedicating at least some staff to watching entry systems and making sure everything is patched with the most up-to-date security, your team won’t be left scrambling in the case of a DDoS attack.
Cyber criminals will continue to innovate and find new ways to attack retailers, businesses and organizations of different sizes. The hype around Cyber Monday is sure to entice attackers to target infrastructure vulnerabilities, making preparation key to protection.
By Rodney Joffe, Distinguished Fellow, Neustar
About Neustar
With a history of managing complex, authoritative datasets—and of designing strict security and privacy protections into everything we do — Neustar provides accurate, up-to-the-minute insights, delivering trusted, data-driven intelligence enabling clients to make informed, actionable decisions in real time, one customer interaction at a time.
The enterprise help marketers promote their businesses and IT and security professionals protect them. As an innovator in real-time technologies, Neustar’s teams have the expertise to drive high-volume and high value decision-making. Whether you’re in media and advertising, communications or financial services, retail, you name it, Neustar’s here to help you take fast, informed action—whether it’s choosing the best offer to make to a new customer, or recognizing and instantly mitigating a DDoS attack on your Website.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.