In the second part of our Black Friday series, Fresh Business Thinking talks to IT security industry experts on how businesses should be securing their systems and customer data in the run-up to Black Friday.
Wieland Alge, VP & GM EMEA at Barracuda Networks
"The sale waits for no one. Regardless of how much personal Internet use you allow in your network, you will almost certainly have some users thinking about shopping on their work computers this Black Friday weekend. When reviewing your security in the run-up to the Black Friday and Christmas season, it’s essential to look both at the consumer-side and the network-side security. The consumer-side includes hardening your workstations with up-to-date software, firewalls and anti-virus installed and conducting awareness training around best practices for online shopping. It might sound obvious, but you don’t want to harden the network only to find that one of your users has joined a botnet on their workstation.
On the network side, you should start by more closely monitoring your internal traffic and bandwidth, keeping an eye out for the users who are most likely to fall prey to a scam and any unusual spikes that could uncover a stealth attack on the network. Next up you should review your firewall rules for conflicts, gaps and outdated rules, using the monitoring data to inform the new ruleset. Finally, check that your firmware is up to date and that all other electronics, devices and policies are running with the latest security fixes in mind."
Simon Moffatt, senior product manager at ForgeRock:
“Shoppers expect consistent, frictionless and most importantly, secure retail experiences – online, in store and through mobile apps. They expect to browse, shop and buy in whatever way works best for them, at any given moment. For retailers to remain competitive in the digital age, they must revolutionise the way they operate to meet these demands and provide a personalised, secure customer experience at every point of interaction – digital or physical. As digital retail success becomes more about how well you know your customers in an omnichannel world, digital identity will be vital to ensuring purchasing habits and customer data are safe and sound with a trusted retail outlet.”
Ryan O'Leary, VP Threat Research Centre at WhiteHat Security:
“First, those in charge of securing websites and mobile applications need to be proactive and build with security in mind. It may take a bit more time or cost a bit more money, but it’s a solid investment to prevent media embarrassment and loss of trust from your users, which would negatively impact your business. Second, the easiest, most dangerous vulnerabilities on your flagship application, or those applications that contain private information, should be dealt with first regardless of how difficult they are to fix. Finally, think “fast remediation”. The current average time-to-fix vulnerabilities in retail websites stands at 205 days. Considering Black Friday isn’t even 100 days away, perhaps set yourself a challenge to go away, find your flaws and fix them fast."
Thomas Fischer, threat researcher and global security advocate at Digital Guardian:
"Malicious parties may decide that the Black Friday weekend is a good time to flex their muscles and show their ability to control our use of the Internet. Businesses and retailers should look at continuity planning, taking into account the services that can mitigate any direct denial of service attacks, as well as a plan to recover if the primary DNS provider is taken down.
Specifically for those in charge of retail IT systems, in the past we’ve seen eager consumers and malicious parties looking to exploit weakness in the application to allow them to pre-purchase goods, or even “corner the market” on the offers by using scripts to continuously poll and purchase the best deals. A good AppSec testing and development program is key in this case. When testing the security of applications, make sure that data integrity is checked as this will stop any pre-sales leakage or make sure that people can’t attack the site and change prices. Another important test is looking for the presence of a real user, to avoid scripting attacks against the site."
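The two checks described above, server-side price integrity and a guard against scripted mass purchasing, as an added illustration that is not code from Digital Guardian or the original article. The signing key, catalogue prices, sale start time and rate limits are constructed demo values.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed demo values, not a real deployment.
SERVER_KEY = b"demo-offer-signing-key"
CATALOG = {"tv-55": 499.00, "headphones": 79.00}  # authoritative prices live server-side
SALE_START = 1_700_000_000          # epoch seconds when the offers go live
OFFER_TTL = 900                     # seconds an issued offer token stays valid
MAX_CHECKOUTS_PER_WINDOW = 5        # per account within WINDOW seconds
WINDOW = 60

def sign_offer(sku: str, price: float, ts: int) -> str:
    """Server issues a tamper-evident token binding sku, price and issue time."""
    msg = f"{sku}|{price:.2f}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def verify_checkout(sku, client_price, ts, token, now=None):
    """Reject checkouts whose price was altered, submitted before the sale opens,
    whose offer expired, or whose token was not issued by this server."""
    now = int(time.time()) if now is None else now
    if sku not in CATALOG or abs(CATALOG[sku] - client_price) > 1e-9:
        return False, "price mismatch"
    if now < SALE_START:
        return False, "sale not open"
    if ts > now or now - ts > OFFER_TTL:
        return False, "offer expired"
    if not hmac.compare_digest(sign_offer(sku, client_price, ts), token):
        return False, "bad signature"
    return True, "ok"

_attempts = defaultdict(deque)  # account -> timestamps of recent checkouts

def velocity_ok(account: str, now: int) -> bool:
    """Sliding-window counter: flags accounts checking out faster than a person would,
    which is the signal that a polling script rather than a real user is buying."""
    q = _attempts[account]
    while q and now - q[0] >= WINDOW:
        q.popleft()
    if len(q) >= MAX_CHECKOUTS_PER_WINDOW:
        return False
    q.append(now)
    return True
```

A flagged account would normally be sent to a human-presence challenge rather than blocked outright, so that legitimate repeat buyers are not lost.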
Tom Harwood, co-founder and chief product officer at Aeriandi:
“According to Financial Fraud Action, more than one million incidents of financial fraud happened in the first half of this year, equating to one incident every 15 seconds. As more of us shop online, telephone agents in contact centres are becoming an increasingly attractive target for criminals looking to take advantage of poor phone security practices.
To help protect their customers and outsmart the fraudsters, businesses can look at new technology-based solutions such as voice biometrics. The introduction of an effective voice biometrics system, ideally alongside measures such as intelligent fraud detection, can significantly bolster any business’s telephone identity and verification security whilst simultaneously improving the customer journey. Who wouldn’t want that?”