GCC retailers can’t afford to sell out to DDoS - Gulf Business
Now Reading
GCC retailers can’t afford to sell out to DDoS

GCC retailers can’t afford to sell out to DDoS

Srinivasan CR explains why it’s so important for retailers to fight cyber attacks

With e-commerce continuing to grow at a steady rate, mobile retailing has become the fastest-growing retail sector in the region.

Despite still playing catch-up with the USA and Europe – where mobile sales are responsible for 35 per cent and 30 per cent of online sales respectively – the region is making large strides towards these kinds of figures.

This is largely due to the convenience and ease that comes with online transactions in the modern world. Today’s mobile payments technology has made it possible for consumers to purchase and pay for products within a matter of clicks on their smart devices.

The advantages of mobile retail are clear, but avoiding the hassle of long queues and travel is only one part of the story. Alongside the luxury of being able to shop from the comfort of your own home, there are added perks as a result of retailers having visibility into buying habits online. In the world of mobile shopping, retailers are able to cater to customers with offers, discounts and promotions that are tailored specifically to the individual.

With opportunities, however, come risks. The huge spike in traffic we have seen this past season, with events such as Eid al Adha and the back to school sales, has left the websites of major retailers vulnerable to cyber criminals.

As cybercrime moves up the agenda for large enterprises, the sophistication of today’s attacks and the associated consequences should be taken seriously.

Interestingly, one third of all cyber-attacks on retailers are Distributed Denial of Service (DDoS) attacks. A recent Deloitte study revealed that despite the international focus on cyber security, Middle East enterprises still require better measures to avoid such attacks. The study also indicated the potential for cyber security threats in the GCC to increase.

Verizon’s 2014 Data Breach Investigations showed that 33 per cent of all cyber-attacks on retailers come from DDoS, making it the most common digital threat this industry faces – even more so than point-of-sale intrusions. According to reports, DDoS attacks increased by 90 per cent in the fourth quarter of 2014, compared to Q4 of the previous year. There was also a 52 per cent increase in average peak bandwidth of DDoS attacks.

Many businesses have fallen victim to a DDoS attack this year already, and such is the extreme nature of these types of attacks that they threaten to topple retailers altogether – a threat that could quite clearly be disastrous, particularly during peak sales seasons.

And it isn’t a threat that is going away, as cybercrime as a whole becomes more mature and attackers more experienced.

So how does this type of attack occur? DDoS attacks rely on hijacked devices that cyber criminals add to their army, bombarding a weakness in a network. Infected devices are turned into robots called botnets, which add network traffic to the attack.

This is akin to recruiting an army of clones formed by specific computers, ports or services on the target system, entire networks or network and system components.

Most commonly, it involves flooding the target with external communications requests, until eventually the attack builds enough momentum to bring the network to a standstill.

By exploiting vulnerabilities in unprotected networks and a range of connected devices, including smartphones and tablets, DDoS attackers are able to grow their botnets at an alarming rate, thus increasing the power of an attack.

A successful DDoS attack can render retailers powerless to protect their systems, making them more susceptible to a full-scale network breach. What’s more, the threat of a powerful DDoS attack, particularly around a significantly busy trading period, gives cyber criminals additional leverage, which may persuade the target organisation to hand over significant sums or ransoms to avoid being attacked. As a result, companies suffer financial losses, damage client and customer relationships and risk damage to their reputation, as mission critical systems and business operations grind to a halt.

Given the nature of DDoS attacks, the best form of defence is being prepared at all times. Rather than waiting for attacks to hit your network and relying on the ability of your security system to stand up to them, best practice is to anticipate them and deal with them in real-time. This process is known as scrubbing. Designated scrubbing centres take care of the heavy lifting when it comes to mitigating and breaking up attacks, ensuring the network layers act as the first line of defence.

This approach means that legitimate traffic always gets through, and malicious traffic is mitigated at the source rather than near the target network so that it doesn’t choke bandwidth.

For retailers to ensure they support the huge surge in traffic volumes during holiday or festive seasons, it is crucial that delivery and security concerns be addressed without any compromise on performance.

They must work with providers that offer an integrated Content Delivery Network (CDN) and security solution that can scrub DDoS traffic nearer to its source – before it hits the retailer’s network. This integrated approach protects both origin and CDN edge servers, with no compromise on latency, thereby delivering a seamless customer experience.

While mobile retailing has led to a great deal of revenue for retailers in the GCC and around the world, it has brought with it unprecedented risks that traditional brick and mortar retailers did not face. To reduce potential damage to the business, retailers need to arm themselves with the right solution. By doing so, enterprises can seek out DDoS attacks and strike back against cyber criminals.

For retailers and businesses across a variety of industries, the fight against cyber-criminals is an everyday effort – a true fight of the modern world.

Srinivasan CR is senior vice president of global product management and data centre services at Tata Communications


Scroll To Top