2018 predictions: Retailers will adopt a multi-layered approach to security
Written by David Maclean, Systems Engineer, F5
Today is Black Friday, and that means bargains. For retailers, it means big customer service and revenue pressure. To conquer the annual onslaught, and remain relevant and desirable throughout the shopping year, the onus is on retailers to deliver an intuitive, connected experience for consumers.
Against a backdrop of intense competition, digital transformation is inevitable and beneficial to both shopper and retailer. Unfortunately, it is not without risk. With banking cyber security becoming more sophisticated, retailers are often seen as easier prey for personal data. According to a recent report by law firm RPC, cyber attacks on e-commerce sites have doubled in the past year.
In the race for profit, devices and features designed for consumer simplicity are rife, usually with one-touch/easy-access sign-in mechanisms. Security is often an afterthought. As the shopping experience becomes increasingly interconnected and accessible for the masses, it may also become more user-friendly for cyber criminals.
The problem is only exacerbated during busy periods such as Black Friday and Cyber Monday. Hackers tend to ramp up their activity during these busy periods as the sheer quantity of data flying around can be difficult for retailers to understand, tame and secure.
A sustainable, functional and consumer-facing website needs to focus security efforts as close as possible to the application. Retailers must adopt a multi-layered approach combining on-premise and cloud to keep their online services live against DDoS attacks, and to protect the network, the session and the consumer. Security measures also need to be intelligent enough to distinguish legitimate transactions from malicious activity, which is becoming increasingly difficult as cyber criminals adopt new tactics.
Strong threat analysis measures should be in place to capture any irregularities from the outset. At the very least, online retailers should ensure they have “Trusted Shop Certificates”, which guarantee a minimum but standardised level of security and consumer trust.
To truly breeze through seasonal surges this year, including Black Friday and Cyber Monday, retailers will need a scalable application infrastructure, both from a network bandwidth and app server perspective. On-premise solutions won’t cut it here in terms of speed, agility and cost-efficiency.
The ability to scale into the cloud is emerging as an e-commerce prerequisite to ensure customer satisfaction, business continuity and profit. This calls for robust security measures at every juncture, including authentication/authorization (IAM), encryption/decryption technologies (SSL), as well as anti-fraud and DDoS mitigation technologies. A Web Application Firewall (WAF) is also essential for online businesses as they rely on web-portal technology. Available in any deployment scenario (and as a standalone service), a strong WAF solution will protect apps and data from known and unknown threats, defend against bots that bypass standard protections, and virtually patch app vulnerabilities.
As the EU General Data Protection Regulation (GDPR) deadline approaches, retailers will also have to up their transparency standards. In time, those that are most compliant and secure will clearly stand out from the crowd. Consumers will only want to engage with those that take their personal data seriously. Retailers would do well to earn that trust today. Playing catch-up rarely works.