How Can Retailers Protect Customers From Downtime and Data Breaches?

Written by Anthony Webb, Vice President International, A10 Networks 

With the February school holidays and residual New Years’ sales upon us, retailers are expecting high network traffic. During these peak times, retailers often expect and prepare for a higher-than-average number of visitors to both their stores and their online websites.

But with soaring inflation and energy price rises causing economic uncertainty, predicting the level of sales traffic that e-commerce sites can expect over a spike period such as Christmas isn’t an easy task. Therefore, adapting their strategies to ensure they are ready for any level of network traffic must be a priority.

And while online shoppers are badly needed in the current economic climate, if the network can’t effectively handle capacity surges and/or the website crashes, this not only costs sales but it can also negatively impact on the retailers’ brand reputation.

In 2020, even some of the industry’s giants were caught off guard by exceptionally heavy traffic. Among a great number of websites that crashed on Black Friday and Cyber Monday were the electronics store Best Buy, global marketplace Etsy, and the clothing retail giant, Zara.

Downtime impacts business 

Customer and employee experience is critical to business performance. In fact, 40% of enterprises report that a single hour of downtime can cost their business between $1 million and $5 million. Likewise, often by the time users report a problem, the damage to the business has already begun. Unsurprisingly, 46% of users don’t revisit poorly performing websites.

These are quite staggering statistics. This means that organisations must deliver the best possible experiences for employees and customers alike. And in today’s world, where the lines between office and home blur, so have user expectations. Whether people are working, shopping, or relaxing, they expect a high-quality application delivery experience for the applications they use, and security they can count on.

Therefore, online retailers need to look at how they manage their traffic. If servers are slow and they are unable to re-route traffic quickly, users will be affected. They, therefore, need to consider the health and response time of each site in their environment to make intelligent adjustments on-the-fly for uninterrupted application availability. When a site or server slows—or fails—they need to be able to re-route its application traffic quickly before users are affected.

Likewise, they need to be prepared for capacity surges and have a plan in place to recover quickly from any downtime and provide extra burst capacity in case of a surge.

Cyber risk increases as prices drop

To compound the issues highlighted above, not only are e-retailers facing wavering consumer confidence and a pullback in spending, oversupply for some retailers, they are also experiencing a huge uptick in cyber threats in 2022.

Now, busy e-commerce channels provide cybercriminals with additional motivation to launch cyber-attacks including phishing, ransomware, DDoS malware and injection attacks. For example, e-commerce businesses hit with an injection attack could find their customers redirected to a fake site that illegally harvests customer information.

Fortunately, there are some actions that online retailers can undertake to keep applications, networks, and the business safe from threats, especially during peak online shopping periods.

• First, they should look for a solution that provides DDoS detection and mitigation, combined with actionable threat intelligence, to ensure services are continually available to legitimate users. Hackers have learned how to weaponise IoT devices to launch complex multi-vector and volumetric attacks, capable of bringing down application servers and entire networks.

• Second, protect web-based applications with web application firewall (WAF) technology. Outdated applications are especially vulnerable to attacks. A WAF will secure them from hackers looking to exploit HTTP and web application-based flaws.

• Third, find solutions that meet current and future platform needs. Even if the e-retailer hasn’t fully transitioned to the cloud, they’ll likely have some cloud-based apps. They must be sure their solution is ready when the company is ready, whether it is moving to a hybrid cloud or multi-cloud infrastructure.

• And lastly, they need to continue to educate employees and consumers on the need for good cyber hygiene.

As this busy period looks to extend beyond just the traditional spike dates, it is imperative that e-commerce businesses secure applications, servers, and networks from cyber threats and downtime. A single gap or weak spot can bring devastating consequences, from disrupted operations, damaged relationships, and lost customer loyalty to steep regulatory fines.

Threats of all types are increasing rapidly; the average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022; our research tracked 15.4 million DDoS weapons in 2021, with this number likely to increase further, creating massive attack potential for bad actors. With malware attacks and cybercrime tactics continuing to evolve, no e-retailer can afford to be impacted in the current volatile economic climate.

Following the e-commerce traffic spikes of Christmas, the consequences of either a successful attack or unplanned downtime, or the inability to manage network traffic in the current volatile environment, became clear. In 2023, it is essential that these businesses ensure resiliency with a few simple steps.