That time of the year is upon us: November’s sales on Black Friday. What once was a retailer’s heaven and brought thousands of potential customers into the stores, has changed. Today, online purchasing means that a lot of the deals and sales have moved to the web. In addition to this, we now have Cyber Monday – the annual online sales madness.
77% OF MERCHANTS IN THE UNITED STATES ARE ONLINE. THIS IS THE LARGEST PERCENTAGE IN THE WORLD
Retailers and customers are not the only ones that benefit from these “holidays.” Cybercriminals also take advantage of this eCommerce bonanza, and we can see a steady rise over the years in the number of attacks on online retail websites.
Unfortunately, if once it was “simple” to handle eCommerce cyber attacks (because they were mostly simple DDoS attacks), today the issue is much graver. Online retailers are facing cyber attacks on multiple fronts, including DDoS, Credit Card Fraud, Inventory Hoarding, Gift Card Fraud, and many more. Different types of attacks demand various sorts of protection methods.
Some of the popular cyber attacks are:
Of all verticals, online retail tends to face the broadest range of threats. Ecommerce sites and applications present a rich array of illicit opportunities for threat actors.
Of all verticals, retailers rely the most directly on incoming traffic for their revenue. When that traffic is compromised, retailers suffer. During high-traffic and high-revenue exclusive sales, such as Black Friday and Cyber Monday, both the importance and effect of attacks rise. Some businesses rely on these sales so much that an attack can cause them to go under.
So, what can you do to protect your business?
First of all, as the immortal Douglas Adams said – Don’t Panic! (and you can also grab a towel just to be on the safe side). Knowing is half the battle, and now that you know about the variety of cyberattacks that could potentially occur and affect your sales, you can defend yourself.
First, verify that your defenses are up to date. Countless attacks still succeed which could have been prevented had people kept their solutions updated. It is bad enough that the average time for a solution provider to patch a vulnerability is almost 90 days; failing to update your system when the vulnerability has been patched is far worse.
Second, make sure your certifications are up to date. People today are much more suspicious; when a website is not secured, they will think twice before entering it. Submitting their credit card information is even less likely.
Third, as with many things in life, you need to keep yourself protected. As shown above, there are many attack vectors today, and most security solutions cannot protect you from all of them. You have two options: either get multiple solutions or get one solution that offers protection against all these attack methods.
Traditional methods have become inadequate for protecting against the full spectrum of potential threats. For example, most attacks today involve bots, but few solution providers have kept up with the increasing sophistication of today’s automated attacks
To learn more about the different attacks and how you can protect yourself, you can read our latest research: The State of Bot Protection – 2019.