Securing e-commerce for Black Friday and beyond

As the shopping experience becomes increasingly interconnected and accessible for the masses, it may also become more user-friendly for cybercriminals, writes Martin Walshaw, senior systems engineer at F5 Networks.
For consumers, Black Friday and Cyber Monday mean bargains. For retailers, they mean big customer service and revenue pressure.
To conquer the annual onslaught, and remain relevant and desirable throughout the shopping year, the onus is on retailers to deliver an intuitive, connected experience for consumers.
Against a backdrop of intense competition, digital transformation is inevitable and beneficial to both shopper and retailer. Unfortunately, it is not without risk. With banking cybersecurity becoming more sophisticated, retailers are often seen as easier prey for personal data. According to a recent report by law firm RPC, cyber-attacks on e-commerce sites have doubled in the past year.

Security as an afterthought
In the race for profit, devices and features designed for consumer simplicity are rife, usually with one-touch/easy-access sign-in mechanisms. Security is often an afterthought. As the shopping experience becomes increasingly interconnected and accessible for the masses, it may also become more user-friendly for cybercriminals.
The problem is only exacerbated during busy periods such as Black Friday and Cyber Monday.
Hackers tend to ramp up their activity during these busy periods as the sheer quantity of data flying around can be difficult for retailers to understand, tame and secure.

Working together is winning
A sustainable, functional and consumer-facing website needs to focus security efforts as close to the application as possible. Retailers must adopt a multi-layered approach that combines on-premise and cloud to keep their online services live against DDoS attacks, while also protecting the network, the session and the consumer. Security measures also need to be intelligent enough to distinguish legitimate transactions from malicious activity, which is becoming increasingly difficult as cybercriminals adopt new tactics.
Strong threat analysis measures should be in place to capture any irregularities from the outset. At the very least, online retailers should ensure they have “Trusted Shop Certificates”, which guarantee a minimum but standardised level of security and consumer trust.
To truly breeze through seasonal surges like Black Friday and Cyber Monday, retailers will need a scalable application infrastructure, both from a network bandwidth and app server perspective. On-premise solutions won’t cut it here in terms of speed, agility and cost-efficiency.

Scalability is crucial
The ability to scale into the cloud is emerging as an e-commerce prerequisite to ensure customer satisfaction, business continuity and profit. This calls for robust security measures at every juncture, including authentication/authorisation (IAM), encryption/decryption technologies (SSL), as well as anti-fraud and DDoS mitigation technologies.
A Web Application Firewall (WAF) is also essential for online businesses as they rely on web-portal technology. Available in any deployment scenario (and as a standalone service), a strong WAF solution will protect apps and data from known and unknown threats, defend against bots that bypass standard protections, and virtually patch app vulnerabilities.
As the EU General Data Protection Regulation (GDPR) and Protection of Personal Information (POPI) Act deadlines approach, retailers will also have to up their transparency standards. In time, those that are most compliant and secure will clearly stand out from the crowd. Consumers will only want to engage with those that take their personal data seriously. Retailers would do well to earn that trust today. Playing catch-up rarely works.