Feb 11, 2019 - 7:37 p.m.

Make Sure Your Security Is Ready for the President’s Day Shopping Spree

Wallarm
lab.wallarm.com

By Tony Bradley

The following article was originally written to provide e-retailers with tips and tricks for Black Friday and Cyber Monday shopping. However, with the biggest President’s Day spring sales approaching, the best practices and how-tos remain the same. More about e-commerce security and compliance is available in a recent Wallarm PCI DSS whitepaper.


Season

The holiday shopping season kicks off tomorrow. There will be a notable spike in holiday shopping as people across the country rush to take advantage of the deals and bargains available on Black Friday and Cyber Monday. For retailers, though, it is a double-edged sword. It is a fabulous time of year for sales and revenue, but unfortunately it comes with a significant increase in risk as well.

Cybercriminals know how to exploit the holiday shopping season to increase their own revenue. The dramatic spike in online traffic and sales makes it easier to blend in undetected. At the same time, many employees are off for the holiday and tend to take more vacation time through December to spend time with family, which means that even if a security and fraud detection system is in place, it will take DevOps and security engineers that much longer to analyze the alerts and decide whether they present a real threat.

There are automated tools to detect and block suspicious or malicious activity, but retailers can’t afford to block every IP address that might be flagged as a potential problem. Most detection systems are highly inaccurate, and the transaction may actually be legitimate. In addition, shoppers on mobile devices may share an IP address with many other users in the same area, which means that blocking that specific IP address may also block access to dozens — if not hundreds — of other shoppers. A cyber attack is bad, but blocking or rejecting a legitimate transaction is as bad or worse.

> “Web applications and e-commerce sites are at risk of cyber attack year round,” stressed Ivan Novikov, CEO of Wallarm. “However, the risk increases significantly during the holiday shopping. Overwhelming network demand and the focus on maximizing sales make it more challenging for organizations to effectively detect, identify and stop attacks.”

What can retailers do to effectively protect against these threats? Here are four things to do to prepare for the holiday shopping season:

1. Audit
Conduct a security audit of all your systems where customers will shop and transact and where e-commerce stores are implemented ahead of the Black Friday and Cyber Monday rush. Make sure your platforms such as WordPress, Joomla, and Drupal — as well as any and all containers under them — are fully patched.
2. Verify
Verify the configuration of external services and APIs — especially for third-party payment services like Stripe and Braintree. It is very easy to misconfigure authentication and data protection settings.
3. Automate
Most e-commerce attacks are driven by hijacking legitimate accounts — either through phishing attacks, by guessing passwords, or by substituting a password from one of the known caches of stolen passwords available on the dark web. Legitimate accounts have established patterns of access and usage, and there are automated tools, such as Wallarm, to detect anomalous activity and protect against behavioral attacks like these.
4. Filter
Suspicious or malicious activity is almost constantly present, but you can’t treat it all the same. It’s crucial to filter the attacks by risk to resolve issues most effectively. In situations where hackers become more active and DevOps resources are limited, it is important to focus the attention on the attacks that either have a higher potential impact or specifically target your sensitive or important assets. You can prepare to evaluate the risk of attacks
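
The account-hijacking pattern from step 3 and the risk filtering from step 4, as an added example (not code from the article or from Wallarm): it scores login sources so that a shared mobile IP with mostly successful logins is left alone, while a source failing across many accounts ranks first. The events, thresholds, risk weights and the `SENSITIVE` set are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, success). Not real data.
EVENTS = (
    # Shared mobile/NAT address used by many shoppers: mostly successes.
    [("198.51.100.7", f"shopper{i}", i % 10 != 0) for i in range(40)]
    # One source trying a leaked password list across many accounts.
    + [("203.0.113.9", f"user{i}", False) for i in range(30)]
    + [("203.0.113.9", "vip-buyer", True)]  # one guess worked
    # A single customer mistyping a password, then getting in.
    + [("192.0.2.44", "alice", False), ("192.0.2.44", "alice", False),
       ("192.0.2.44", "alice", True)]
)

# Assumption: accounts with stored payment methods count as sensitive assets.
SENSITIVE = {"vip-buyer"}

def score_sources(events, sensitive=SENSITIVE, min_accounts=10, fail_ratio=0.8):
    """Rank source IPs by account-takeover risk instead of blocking on volume."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                 "accounts": set(), "hits": set()})
    for ip, account, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["accounts"].add(account)
        if ok:
            s["hits"].add(account)
        else:
            s["failures"] += 1
    ranked = []
    for ip, s in stats.items():
        ratio = s["failures"] / s["attempts"]
        # Stuffing pattern: many distinct accounts AND almost everything fails.
        stuffing = len(s["accounts"]) >= min_accounts and ratio >= fail_ratio
        # Successful logins from a stuffing source are likely takeovers.
        takeovers = sorted(s["hits"]) if stuffing else []
        risk = 0
        if stuffing:
            risk = 50 + 10 * len(takeovers) + 40 * len(sensitive & set(takeovers))
        ranked.append({"ip": ip, "fail_ratio": round(ratio, 2),
                       "stuffing": stuffing, "takeovers": takeovers, "risk": risk})
    return sorted(ranked, key=lambda r: r["risk"], reverse=True)

if __name__ == "__main__":
    for row in score_sources(EVENTS):
        print(row)
```

The shared address carries more traffic than the stuffing source but scores zero, which is the case where a volume-based IP block would have rejected legitimate shoppers.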

First appeared in TechSpective on 11/22/2018


Make Sure Your Security Is Ready for the President’s Day Shopping Spree was originally published in Wallarm on Medium.