
It goes without saying that the Christmas and New Year period in Australia is one of the most profitable times of the year for retailers. Over the 2015 Christmas period alone $3.92 billion was spent, which was up 28 per cent from 2014[1]. This year we can expect even greater spending during the Christmas season, with consumer confidence hitting its third month of consecutive growth[2], backed up by low interest rates and low unemployment rates[3].

Online shopping continues to account for a major slice of total spending over each festive season, with $5.52 billion spent online in December last year. As the retail industry becomes increasingly digitised, ecommerce businesses will need to ensure that the customer experience is as seamless as an in-store visit, especially in the lead-up to Christmas when retailers reach peak traffic on their websites.

Recent episodes in Australia have shown that internet-based companies and services still have a long way to go when it comes to user experience. The Ticketek website, for example, crashed during the AFL finals in September, and even the ABS Census failed to allow citizens to complete their online form in August. These instances highlight the fact that poor or slow website performance can negatively influence perceptions of a brand, create customer frustration, and potentially impact a company’s revenue. According to a survey by the Ponemon Institute, 88 per cent of consumers distrust websites that crash, while 78 per cent of consumers worry about a company’s security when a website is sluggish[4].

While it should be obvious to most retailers that websites receive much more traffic during the festive season, many brands still fail to adequately test their sites to see if they can handle peak traffic. This leads to scenarios such as when Myer experienced a major website crash on Boxing Day three Christmases ago. However, events such as these can be easily prevented by load testing during the run-up to Christmas. By bombarding a website with traffic in a controlled environment, retailers can properly gauge how it will perform on Boxing Day, or any other day in December. Retailers can then tackle any urgent issues well in advance of the rush.

Security issues to avoid

As a busy and profitable time of the year, the sales season also raises some security concerns for businesses. Although online retailers are under daily threat of possible breaches and hacks, during the festive period these threats are heightened as vast numbers of consumers browse and shop online. As the risk from cyber attackers, fraudsters and hackers increases, the potential financial loss from cyber-attacks becomes a serious issue. Recent research from Neustar found that organisations stand to lose on average $100k per hour of downtime during a peak period following a successful DDoS [distributed denial of service] attack[5].

There’s no doubt that DDoS attacks are on the rise in Australia and the APAC region. Analysis from the same Neustar study showed that 77 per cent of APAC organisations have been attacked, which is five per cent higher than counterparts in North America and two per cent more than in Europe. Just under half of attacked organisations suffered from six or more attacks and, worryingly, almost half of all APAC organisations took over three hours to detect and an extra three hours to respond to a DDoS attack, which is significantly higher than global averages[6].

DDoS attacks are the easiest way to disable websites. They are powered by cheap tools that are openly sold online and are often used as a smokescreen whilst malware or a virus is installed. Figures from the recent Neustar report identified that just under half of all organisations detected a virus following a DDoS attack, while 38 per cent found malware and 16 per cent received ransomware.

To combat the growing threat of DDoS attacks, online brands should implement countermeasures with purpose-built DDoS protection—a cloud or hybrid solution fitted to the company’s risk profile and IT strategy is appropriate. Automation should be considered as this reduces time to respond while removing overheads associated with permanently routed solutions. As the $100K cost-per-hour in downtime figure highlights, the speed of response to attack is critical.

Moreover, as the above results indicate, multi-vector attacks are on the increase, making it important to counter this with a multi-layered security approach. Supplementary IP address information can be acquired and utilised to target specific geographies and prevent access from addresses used for suspicious activity. A premium managed DNS [domain name service] will improve performance and reliability, and increase resilience to DDoS attack. Finally, end-point security and appropriate user training can combat viruses, malware, ransomware and phishing.

In today’s online world, a slick-looking website is not enough. As consumers spend more time online, especially around the late November through December Christmas shopping season, it’s crucial to be a trusted digital brand. If online marketing, performance and security are not integrated, brands face the real possibility of destroying customer loyalty for good.

[1] eWay, ‘Aussies spend billions over Christmas’, https://www.eway.com.au/about-eway/news/2016/01/19/aussies-spend-billions-over-christmas

[2] Trading Economics: http://www.tradingeconomics.com/australia/consumer-confidence

[3] Trading Economics: http://www.tradingeconomics.com/australia/unemployment-rate

[4] Ponemon Institute/Neustar, ‘WHAT ERODES TRUST IN DIGITAL BRANDS?’, https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ponemon-report-2015.pdf

[5] Neustar, ‘Worldwide DDoS Attacks & Protection Report’, https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/2016-fall-ddos-report.pdf

[6] Ibid.

Robin Schmitt is the General Manager Australia at Neustar.