Black Friday is the day following Thanksgiving Day in the US, well-known for a variety of promotional sales. These are dependent on Internet connections working, servers coping with demand, in-store bandwidth holding up for transaction processing, and more. Both in-store and online, Black Friday sales are dependent on technology.
Industry leaders offer Help Net Security readers tips to secure their networks during the busy shopping season.
Wieland Alge, VP & GM EMEA at Barracuda Networks
With Black Friday now fast approaching, it’s time for businesses to take a look at their security defences and plug any gaps that could be exploited during the retail holiday period. The lure of cut-price goods on Black Friday means that at least some employees will be thinking about shopping on their workstations and this inevitably opens up your business to attack. There’s not much point in hardening your network only to find that one of your users has accidentally joined a botnet on their workstation.
On the employee side, make sure that all workstations are running with up-to-date software, firewalls and anti-virus installed and perhaps conduct some extra cyber security training around best practices for online shopping. On the network side, closely monitor your internal traffic and bandwidth, keeping an eye out for the users who are most likely to fall prey to a scam or any unusual spikes that could uncover a stealth attack on the network.
You should also review your firewall rules for conflicts, gaps and outdated rules, using the monitoring data to inform the new ruleset. Finally, check that your firmware is up to date and that all other electronics, devices and policies are fully up to date with the latest security protections.
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security
The retailing event of the year, Black Friday, is just around the corner. But while bargain hunters rejoice, for retailers, now is the time to find and fix any major vulnerabilities in their web applications that could dampen the holiday spirit.
While the cyber spotlight is firmly on the ecommerce sector for the next couple of months, all businesses have something to learn from the essential application security best practices. Website security needs to be proactive, not reactive. Businesses that spend the time and money implementing security into the build of their applications save a lot more in terms of reputation later down the line.
Those in charge of IT systems should be prioritising the most dangerous vulnerabilities, focusing on their lead applications and those that hold private information. Any vulnerabilities in these sites must be dealt with, regardless of the complexities in fixing them. Finally, time is of the essence in flaw remediation. Currently, the average time it takes to fix a flaw in a retail website is 205 days. This equates to a significant window of opportunity for hackers to potentially cause irreversible brand damage.
It’s no longer enough to conduct point-in-time application security testing; it needs to be a continuous process. Remember, website security is for life, not just for Christmas!
Thomas Fischer, Threat Researcher and Global Security Advocate at Digital Guardian
Malicious parties may decide that the Black Friday weekend is a good opportunity to flex their muscles and show their ability to control our use of the Internet. The large-scale denial of service attacks that have occurred over the last few weeks provide good reason to re-assess your ability to recover from this kind of situation. Even if the cyber attackers targeted retailers, other businesses could also be affected, depending on the exact target of the attack.
When DNS provider Dyn was flooded with traffic last month, multiple websites were knocked offline at the same time. Continuity planning for such an event should include looking at services that can mitigate any direct denial of service attacks, as well as a plan to recover if the primary DNS provider is taken down.
Michael Hack, SVP of EMEA Operations at Ipswitch
The Black Friday and Cyber Monday sale shopping phenomenon is a fairly recent development for consumers and retailers. It’s great timing for shoppers to get discounts on their Christmas shopping and retailers haven’t been slow to spot the opportunity to make the most of this revenue opportunity.
However, in order to do this, retail IT and security systems need to stand up to huge spikes in demand. IT professionals responsible for making sure network infrastructure stays available and secure need to be ready to identify and overcome problems at the drop of a hat. Any downtime can result in thousands of pounds of lost revenue and nobody wants to have to explain that to their boss.
IT teams need to ensure they have deep visibility and detailed visualisation of the network, applications, servers, VMs and traffic flows. With this visibility they’ll be armed and ready to isolate security problems before they get out of hand and can make sure websites have enough bandwidth to support shoppers’ demands as well as process transactions securely.