This article was published on November 25, 2012

How online retail businesses stay secure on Cyber Monday

How online retail businesses stay secure on Cyber Monday
Lauren Hockenson
Story by

Lauren Hockenson


Lauren is a reporter for The Next Web, based in San Francisco. She covers the key players that make the tech ecosystem what it is right now. Lauren is a reporter for The Next Web, based in San Francisco. She covers the key players that make the tech ecosystem what it is right now. She also has a folder full of dog GIFs and uses them liberally on Twitter at @lhockenson.

Now that Turkey Day is finally passed, it’s time to fix yourself a Thanksgiving Sandwich and fire up the old computer to snag the latest deals on one of the fastest-growing shopping holidays around, Cyber Monday. The National Retail Federation estimates that more than half of online retailers will be offering promotions and discounts for Cyber Monday, and ComScore is projecting an astronomical $1.5 billion dollars in sales — all in a single day.

But with that profit hinging on a few hours of fevered shopping, online outlets are positioning themselves for a big security risk. Hackers with a motive (or simply an easy way to get in) can threaten an entire website’s livelihood by launching a DDoS attack through simple means.

“Programs that can do serious damage to a company’s servers aren’t hidden,” says Marty Meyer, CEO of Corero Network Security, a cyber security company that specializes in DDoS attacks. “These are free, easy to access, and can be launched quickly.”

With Cyber Monday quickly becoming the largest and highest profile ecommerce event, a lot can happen when you type your credit card number into a website that’s not equipped to handle a server breach or shutdown. Unfortunately, the inside look on cybersecurity for all websites — even the big ones — isn’t reassuring.

Problems from the first line of defense

Of course, Cyber Monday’s status as a premier online shopping holiday just magnifies an already rampant problem on the Internet all year round: Companies don’t defend well against hackers from the get-go, and very little protocol is in place to actually guard against breaches.

“We see businesses that look at cyber attacks like being hit by lightning, thinking, ‘It won’t happen to me,” Meyer explains. “But if it does, your business might be seriously injured or dead.”

This false sense of security is a trouble spot for not only the big players in the ecommerce space such as Amazon and Etsy, but also for smaller independent retailers looking to score big with online orders. Meyer says that small businesses are just as likely to get hit by hackers as big business and often cause even more damage — especially if the company’s website or ecommerce system is new and untested.

“Cyber attackers are not always targeting specific sites,” Meyer says. “Instead, they’re randomly polling URLs and IP addresses for vulnerable sites. So don’t think you can fly under the radar.”

False perceptions about how hackers work leads to drastic under-preparedness. In his experience, Meyer says that companies often rely on outdated network infrastructure and ineffective firewall services — in short, nothing that could really help if a DDoS or other predatory maneuver was launched. Add to this a poor knowledge of regulating server traffic and shaky adherence to PCI security standards, and Cyber Monday begins looking more and more like a recipe for a complete Internet meltdown.

Once down, down for good

Unfortunately, the problems don’t end there. If by any chance an unprepared online business is looking now to get everything in place on Cyber Monday, there are very few last-minute measures to take.

Reactive quick fixes are very limited in the attacks they protect against and are extremely expensive,” Meyer says. “But if an e-retailer is not already using a CDN or service provider to provide burst bandwidth, they could try and set this up for Cyber Monday. However, the website will remain vulnerable to application-layer and server-targeted attacks, which can significantly degrade the site performance and drive away frustrated customers.”

Even worse, a successful attack could spell hours of downtime, long waits for the ISP, and relying on a whole lot of luck to get back up. Small businesses are, unsurprisingly, the ones with the most to lose when a cyberattack occurs: They have the least bandwidth, least secure ecommerce options and, perhaps most importantly, they have the least resources to rely on when an attack occurs. Cyber attacks can also cripple ecommerce outfits for the long-term, especially if a first-time customer finds out his or her data has been compromised.

“The huge increase in Cyber Monday as a source of revenue for retailers creates a rush to setup an online presence and, if protocols are not done properly, it could tarnish the reputation of the retailer if they are the target of a data breach and any private or payment card information is stolen.”

In short, many ecommerce platforms simply don’t have the infrastructure to withstand a calculated attack on such an important day — and they could suffer if their servers come crashing down like dominoes.

The long run

In order for Cyber Monday to stay safe, secure and — most importantly — popular, ecommerce systems must replace their slow, weak and outdated cybersecurity systems. Meyer says that remaining vigilant and proactive is the most important defense against all kinds of online attacks.

“Attackers are smart and getting more sophisticated, and technology to combat them needs to move with the times,” Meyer adds.

There’s a lot riding on Cyber Monday, but increasingly insecure websites could mean big trouble. Users and businesses alike could potentially face deal phishing scams, information extraction from insecure ecommerce systems, and fraud of all kinds.

The best way to keep the day alive is not to think if, but when.

“Hope is not a strategy,” Meyer says.

Image Credit: Sandy Huffaker/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Back to top