As we all get ready to kick back, do a little holiday shopping and enjoy a mince pie or two, cyber criminals are perfecting their malware and refining their phishing scams to steal shoppers’ cash and damage the reputations of businesses by turning their websites into cyber traps. With an expected spike in online digital transactions during the festive season, online retailers will in particular be targeted by these digital grinches.
The festive period is a critical time of year for the retail industry and with the cost-of-living crisis predicted to worsen in the UK, margins will be tighter than ever. Many retailers will be depending on a holiday shopping boost. Hackers alert to this and understand that cybersecurity incidents can majorly disrupt business operations, damage consumer trust, and retailers’ bottom line. Therefore, taking a busy website hostage at this time can be a quick and easy way to extort large sums of money.
If an online retailer is looking forward to higher revenues this period, a DDoS attack can quickly wipe out eagerly anticipated sales.
So, what can online retailers do to strength their cybersecurity posture, protect their e-commerce infrastructure and avoid becoming victims of holiday hackers. Here’s what Adarma’s cybersecurity experts recommend.
Implement temporary geoblocking
Implementing a temporary geoblocking measure can help stop cyber attackers from high-risk countries by blocking IP addresses from certain locations, thereby limiting access to the online retailer’s website.
However, cybersecurity teams must be strategic in how they deploy this method and how they determine which countries are a serious risk to their website. Typically, online retailers will have a detailed profile of their customers, including information such as; country of origin, purchase habits, website journey and many more.
Using this historic customer data, security teams can determine which countries to block and which to green light during a period of expected increased activity. If a country is categorised as a high-risk location, for example North Korea, the retailer has a non-existent customer base there and won’t ship there, then it would be prudent to implement geoblocking during that time period.
Implement rate limiting IP requests
Rate limiting is a method to limit network traffic by capping how often someone can repeat an action within a certain timeframe, for example, trying to log in to an account. This method will temporarily block non-standard user journeys. For example, a single household is unlikely to load hundreds of pages a second.
A rate limiting solution is useful for stopping malicious activities such as brute force attacks, DoS and DDoS attacks and web scraping.
So, how does it work? A rate limiting solution measures the amount of time elapsed between each request from each IP address, while also measuring the number of requests within a specific timeframe. If the volume of requests within a timeframe exceeds expectations, then the rate limiting solution will not fulfil the IP address’s request for a certain period of time. The blocking period needs to be tactically assessed to discourage attackers, but also not to impact genuine users
Implement auto-scaling
Auto-scaling solutions monitor your applications and automatically adjusts a website’s capacity in order to maintain steady and predictable performance in the face of extreme demand. The service will scale back down once the attacker stops spamming their target with bogus traffic.
It’s important to note that it can become expensive to the organisation, as they will need to pay the cloud infrastructure provider for extra resources for handling the additional traffic. Organisations should also seek to implement a queueing system when they reach the “hard limit” of their resourcing capabilities, ensuring that their website isn’t overwhelmed whilst still allowing customers to shop.
Verify access controls
Cyber threat actors will often go after gaps in their target’s third-party supply chain to gain access to their goal. Online retailers often have extensive supply chains, which puts them at greater risk of being exploited through a weakness in another organisation’s network.
Reviewing, revalidating and testing access to your digital environment can help seal any possible cracks in your cybersecurity and block-up possible access points. If third-party organisations have access to your digital environment or IT networks, ensure that you have a comprehensive understanding of what level of privilege is extended into your system, and to whom.
Internally, business leaders should make sure that passwords for their systems are strong and unique and any that are not up to standard are immediately updated. Security teams should review all user accounts and remove any old or unused accounts. It’s important that they also ensure that multi-factor authentication is enabled and configured correctly.
Privileged accounts or those with other rights or access to sensitive data should be carefully monitored and managed to ensure they are not being misused. It’s also important that security teams regularly test these access controls and that they are peer reviewed to ensure they are robust. Leveraging Privileged Access Management (PAM) solutions, with privileged account passwords held in a password vault and automatically rotated after use, will remove another avenue for an adversary to access credentials and, if they do, there’s a time limit on their effectiveness.
Brief the wider organisation
Ahead of a period of increased threat, such as Black Friday and Cyber Monday, employee education is vital. Employees need to understand the situation and be aware of the heightened threat. We recommend resharing cybersecurity best practises and why reporting suspected security events is important to encourage employee buy-in. Employees should be set up for success with the tools and knowledge to report suspicious activities, and training on how to recognise the indicators of malicious cyber activities.
To find out more about Adarma and how we can help strengthen your cybersecurity posture, please contact us.
Stay up to date with the latest threat insights from Adarma by following us on Twitter and LinkedIn.