By: Dave Lewis, Global Security Advocate, Akamai
Every year we return to talk about security steps that better protect individual shoppers. We discuss the myriad confidence scams that crop up during Black Friday and Cyber Monday to ensnare shoppers. We examine things that people can do to stay safe online. But what we often neglect to talk about is how the retailers can better protect themselves.

Thinking about this coming shopping season, my imagination began to run and I couldn’t help but think about the Wall from Game of Thrones. The Brothers of the Night’s Watch try in vain to hold back the massive force aligned against them, only to see their battlements fall.

There are five things that the Night’s Watch could have done to better protect against the teeming mass that was at their doorstep.

First and foremost was scale. The ability to scale your website against a burst in traffic is key. In the case of the Night’s Watch, they had controls in place that were dated. Let’s be honest, they had an appliance in place that, while seemingly formidable, wasn’t able to scale under modern traffic loads. Your online retail presence needs to be able to weather the rush of shoppers, which can have the same effect as a denial of service attack if you’re not prepared.

The second is to ensure your systems are patched to current levels, or that you have compensating controls in place. Keeping the hygiene of your systems current should go without saying. You don’t want to make the attacker’s job any easier.

As a defender, the third point is salient: remain vigilant. The attacker will continue to test your defenses until they find a way to breach your systems. Keep constant watch for account takeover attempts to ensure your shoppers’ safety. Gathering intelligence on your adversary is an important exercise to make certain that you are prepared for threats, whether those threats come from massive numbers of shoppers stampeding to your website sale or from a large, ill-tempered dragon.

The fourth point is to encrypt your customer information. There is no such thing as “responsible encryption.” Protect your customer data in a way that can’t be compromised by a third party. You are putting your business at risk if you leave customer data exposed. While sending messages via raven might work for communications in the Seven Kingdoms, it’s really ill-advised to leave your customer data unencrypted, especially when you consider that GDPR is looming on the horizon.

Last but certainly not least, have your incident response plan ready and tested. You need to establish that you’ll have staff ready to respond in the event of an outage or data breach. Your company will want to have internal and external communications prepared and ready to go, so that you can manage the narrative for all parties in case something goes awry. Hopefully you will never need to put an incident response plan into effect, but an ounce of prevention is paramount.

Buckle in and get ready. Winter is…er…shoppers are coming!