Things e-tailers must do to secure users during festive shopping spree

Soma Tah
Sanjai Gangadharan

India is witnessing its first “online Diwali” this year. All the major e-tailers have geared up to tempt consumers with irresistible promotions, special deals, and product launches.

The convenience of online shopping, along with huge discount offers, easy payment options and customized delivery options, appeals to the modern buyer and tilts them toward buying online. But there is a downside: the increasing number of cyber security attacks in India has targeted e-tailers extensively.

The Indian e-commerce sector is the second most vulnerable to cyber-attacks after financial services. Retail portals, financial sectors and payment gateways are often subject to DDoS and other forms of attack, which make the service inaccessible or put customers' personal data at risk of falling into criminal hands.

These breaches cost e-tailers dearly, not only in terms of lost revenue and decreased productivity, but also by damaging the brand reputation and customer confidence.

Knowing that consumers blame e-tailers (75 percent of consumers believe that keeping shopper information safe is the e-tailer’s responsibility) and regulators are looking to hold stores accountable, we have seen e-tailers increase their focus on improving cyber security to better protect the payment and customer information they collect during payment transactions.

Indian e-tail giants say they see two to three cyber-attacks every week. Keeping in mind the e-commerce boom, they have dedicated ethical hackers whose only job is to break into the website to check for any vulnerability. Unfortunately, it can be difficult to ensure security measures are consistently enforced across all of an e-tailer’s remote locations.

Encryption is one means to secure sensitive customer data collected by e-tailers' point-of-sale (POS) systems. A recent study by A10 Networks found that e-tailers are encrypting an average of 33 percent of their outbound Web traffic and that this is set to increase to 42 percent over the next 12 months. This is a start. Unfortunately, encryption can also present some real security challenges.

A new trend shows that hackers are using encrypted (SSL) traffic to hide their attacks and to bypass an organization’s defenses (such as next-generation firewalls, intrusion prevention systems (IPS), unified threat management (UTM) platforms, etc.).

While 92 percent of e-tailer respondents to the survey recognize that SSL traffic inspection is “Important” to “Essential” to their business’ overall security infrastructure, only 35 percent decrypt Web traffic to detect attacks, intrusions and malware. As a result, many are not confident in their ability to protect against attacks hiding in encrypted traffic.

When probed on why they are not inspecting more encrypted traffic, respondents cited reasons like performance degradation, insufficient resources, and lack of enabling security tools. Independent tests show that most security devices experience an 80 percent performance degradation when they decrypt and re-encrypt traffic.

E-tailers require a solution that enables them to scale SSL inspection to identify potential threats without impacting the overall performance, productivity or availability of their sites.

The solution should have the ability to:

- Scale to meet current and future SSL performance demands

- Securely manage SSL certificates and keys

- Satisfy compliance requirements

- Maximize the uptime and performance requirements of the overall capacity of the security infrastructure

- Interoperate with a diverse set of security products from multiple vendors

- Granularly parse and control traffic based on custom-defined policies

- Categorize Web traffic to ensure confidential or sensitive data remains encrypted (satisfy regulatory requirements)

- Intelligently route traffic to multiple security devices

This way, e-tailers can maintain the availability and security of their POS systems and e-commerce sites, with high-performance SSL inspection for even their smallest store locations.

The author is Regional Director SAARC, A10 Networks