Black Friday – DNS at the top of hackers’ shopping lists

DNS security an issue for Black Friday retailersIt’s that time of the year again! This year Black Friday falls on the 24th of November, the day after Thanksgiving. The Black Friday shopping craze extends around the world, reaching retailers and shoppers in the United States, United Kingdom, Canada, Mexico, India and France. The masses of shoppers squashed like sardines in a can, shoving and fighting each other for the best bargains, are mostly now online. This heavy web traffic heading towards DNS servers worldwide has provided hackers with a huge opportunity to hinder retailers. The time is now for retailers to review their network security.

Black Friday is a good time for ecommerce, but a bad time to get hacked

Retailers have to handle a lot of web traffic at the end of every year when shoppers are browsing, selecting and paying for discounted products online. In 2016, consumers spent $1.93 billion on Thanksgiving Day and broke the record of online sales on Black Friday with $3.34 billion, which grew by 22% year-on-year. That expenditure figure increased further when Cyber Monday sales were accounted for.

With spending set to rise again this year, retailers put their businesses at risk if their IT networks are not protected. The Domain Name System (DNS) is a great entryway for hackers to infiltrate a retailer’s network where they can hide amongst high volumes of traffic and deny access to the retailer’s website, costing businesses their revenue and their reputation at a critical time.

DNS – a hacker’s entry point

A busy period online is the perfect cloak for any cyber criminal to find cover and launch attacks. Our latest DNS Threat Survey Report reveals 76% of organizations were subject to a DNS attack in 2016. Of the retail organizations surveyed, over a third (37%) experienced a DNS-based malware attack in the last 12 months.

Damages caused by DNS attacks cost organizations an average of $2.2 million to fix. This cost partly stems from the effects of a compromised website, which affected 37% of organizations. For e-commerce, whose business model relies on DNS functions, the financial setback is even greater. According to The Atlantic, for more than one-third of companies surveyed, a single hour of a DDoS malfunction cost from a range of to $20,000 to $100,000 per-hour.

The time taken to mitigate an attack will have a financial impact on any business. More than a quarter (28%) of retail businesses took almost an entire business day (6 hours) to mitigate an attack, costing them up to $600,000, to resolve one DDoS attack. Nearly half (45%) of all respondents spent more than half a day resolving an attack. A long term consequence will be the loss of revenue caused by brand damage, as customers become  dissatisfied with their customer experience when they cannot access a retailer’s website.

The Cloud could bring retailers down

Due to the cost of deployment and its ease of access, the cloud is fundamental to most large retailers. Alibaba and Walmart, for example, are just some major retailers who use cloud services. Public DNS is another avenue hackers use and, since this platform is not owned by the retailer, it is an area of security that must be closely monitored.

There are consequences if the retailer relies solely on a public DNS. Some of the largest and most sophisticated organizations, including Visa, Spotify and Airbnb, were affected when cloud DNS provider Dyn was attacked and went down in 2016. With half (47%) of attacks having resulted in cloud service downtime, this is yet another area for retailers to be mindful of when protecting their networks and must ensure they have a fallback option.

Time for retailers to ensure their DNS security

Every year there is an outage during the biggest e-commerce period- with Tesco and Macy’s last year and Target and Best Buy (two massive US retailers) in 2015. To prevent brand damage and potentially huge financial loss, now is the time for retailers to test and secure their networks.

As mentioned earlier, DNS is a golden gateway into the corporate network and to the sensitive data it moves. Unfortunately, this is often a neglected area of cyber security strategy. To ensure DNS security, here are three items retailers should add to their shopping lists ahead of the busy e-commerce season:

  • Keep your DNS security up to date. Implement efficient industrialised processes to patch your DNS servers as often as required.
  • Simplify your DNS architecture and add high-performance capability. In order to handle high volumes of traffic, replace useless firewalls and load balancers with purpose-built DNS security technology.
  • Eliminate single point of failure. Rather than place all your eggs in one basket by relying solely on public cloud DNS, deploy hybrid cloud DNS architectures, comprising of a mix of in-house and public cloud DNS.

Both consumers and hackers will be busy shopping this coming Black Friday. As we approach a busy (and hopefully lucrative!) e-commerce period, by following these tips retailers can ensure revenue is captured and leave customers happy during the Black Friday weekend and beyond.