I don’t know about you, but the winter holiday season is a bittersweet pill for me to swallow due in part to two occurrences which are aptly named “Black Friday” and “Cyber Monday.” The connotations themselves conjure up images of sinister malevolence. Black Friday might as well be called “The Black Plague” and Cyber Monday could very well be the title for the next Terminator movie, “Cyber Monday – Rise of the Machines.” The two lexicons of retail mind-control methods are emblazoned in the pre-frontal cortex of every consumer out there…unless by chance, you have been one of the lucky few individuals who is stuck in the 1950’s and opts to buy their holiday presents from the Sears Roebuck Holiday catalog, I envy you.
It’s gotten so bad that my wife and her girlfriends actually plot out which stores they plan to camp out at a month in advance. Look, I’m all for pitching a lawn chair at 2:00 a.m. in front of the movie theatre so I can catch the premier of “Gladiator Part 2” (still hoping Ridley Scott makes it happen), but standing in the cold, crisp night with 600 other annoying strangers for a better than normal discount on a Dutch oven is just plain wrong. The irony is it’s been proven the so-called deals at these twilight fire-sales aren’t really that good after all. You’re better spending your kid’s college money online within the comfort of your heated home and at a non-sleep deprived 8:00 p.m. But who am I to judge?
What’s equally ironic is the very Hydra (i.e. the merchants) that creates these two days of price-saving pandemonium doesn’t walk away unscathed themselves. EMC recently released a study that Cyber Monday attacks cost organizations up to $3.4 million per hour in losses¹! Just think, with that much money, you could buy every person in the United States one Dutch oven. As the holiday season approaches, retail organizations look forward to, and prepare for what should be a daily revenue surge that respondents in the study calculate as an average of 55 percent. However, this spike in profits doesn’t come without a price. The study points out that while a majority of merchants experience a spike in holiday-timed attacks; most admit to not being able to detect them. The study highlights three intriguing data points:
- Cyber Monday represents an average 55 percent surge in daily online/mobile retail revenues.
- A corresponding surge in attacks drives hard losses, on average, as much as $500,000 per hour or $8,000 per minute. Customer churn from reputation and brand damage can drive losses to as much as $3.4 million from a single hour of disruption.
- While 64 percent of organizations see significant increases in attack activity, only 23 percent of attacks can be detected quickly and remediated, and nearly 70 percent of organizations do not take additional precautions in anticipation of increased attacks.
When it comes down to it, what’s really at stake for a retailer is dealing with compromised network uptime and availability, not to mention the security aspect of credit and banking transaction fraud that could slip through, and most importantly, Distributed Denial of Service (DDoS) attacks that could be launched against a retail site to take them down during one of their highest revenue-generating days of the year.
It Just Got Real – Move Aside Santa Clause
Larry Ponemon, Ph.D., Chairman and Founder of The Ponemon Institute states, “Forward-thinking organizations that have the agility to break from the status quo and embrace innovation can not only better protect their business, but also gain a massive advantage. Reducing losses from fraud and increasing trust in the brand can propel a business ahead of its competitors.”¹ I wouldn’t be surprised if Larry was thinking of Endace’s Network Visibility Products (NVP), including its EndaceProbe™ Network Recorders, EndaceFlow™ 3040 NetFlow Generator Appliances (NGAs) and EndaceVision™ Network Traffic Search Engine in particular because they are geared to safeguard and protect a retail organizations’ network infrastructure “soup to nuts.”
With the overwhelming deluge of online shoppers tapping away the paint off their keyboards, Cyber Monday and Black Fridays create an enormous and immediate spike in network traffic on retail networks which pose both significant problems from a data availability standpoint and that of network security. What is required is incorporating the right best practices, well in advance, in order to help resolve potential issues on the fly using advanced network monitoring tools such as those offered by Endace. EndaceVision is the world’s first collaborative network traffic search engine and unlike most traditional analytics tools, EndaceVision runs in any web browser and is built around a powerful workflow that helps network engineers and security analysts quickly get to the precise information that they need to resolve a potential availability or security issue. Using EndaceVision, retailers can search through terabytes of network traffic stored on many different EndaceProbes. With an application classification as part of the index, users can review the traffic through multiple different lenses and they can zoom in, add and remove filters to find the information that they need.
EndaceProbes and EndaceFlow NGAs are designed to operate in high-density 10Gb Ethernet (10GbE) networks, such as those found within large retail organizations, and can provide the visibility needed for helping IT staff identify performance problems, security flaws and abnormal activity, such as internally or externally occurring fraud taking place outside of normal traffic activity. EndaceProbes can be deployed across a retailer’s network to capture and feed-back continuous network traffic information, enabling admins to retain complete blocks of network traffic across different time periods, different days, weeks and months in order to build a picture of legitimate peak and off-peak traffic, seasonal spikes, the manifestation of network security issues and the exploitation of network nodes for unauthorized activity such as those indicative of a typical Cyber Monday attack.
An EndaceProbe Network Recorder can be configured to collect full or partial packets, selected packets, random packets in a flow, or just header and metadata unique to particular data packet types or particular applications. With retailers often handling thousands, if not millions of similar transactions on Black Friday and Cyber Monday, fraudulent traffic can be easy to hide in the mix if IT admins are only taking brief snapshots of the network. A complete or focused prolonged period of capture means that transaction traffic and data packets can be reviewed and mined to determine if a particular node or branch is not transacting the way it should. By “recording” periods of network activity, retailers can review the impact of peak demand on the network, or any subsection of the network, to see the effects of external cyber attacks, pinpoint potential vulnerabilities on the network and implement measures that can be used proactively to prevent problems.
I realize there is no shortage of unemployed Computer Science graduates with lots of free time on their hands (not to mention the Russian Mafia) so it’s safe to say Cyber Monday attacks will not be ending any time soon. However, as Larry Ponemon points out, retailers that are prepared for the inevitable cyber security breach and utilize best-of-breed solutions like those we offer can beat the bad guys at their own game and live to fight another day.
So in a fitting farewell to this topic, I have to confess that the one redeeming and enjoyable repercussion of Black Fridays and Cyber Mondays is the overwhelming sense of amusement I soak up the next day when reading about the inevitable riot that broke out between moms fighting over the last standing crock-pot in the local Wal-Mart. It almost makes these two days tolerable.
¹RSA and Ponemon Institute Study, October 2013 http://www.emc.com/about/news/press/2013/20131028-01.htm