Obamacare Site Woes Highlight Costly Cloud Hosting Threats
Retailers Plan Ahead For Cybercrime Disruptions, Downtime
A vendor networking issue crippled the problem-plagued Obamacare website this weekend, highlighting one of the biggest threats to users of cloud hosting services often identified by security experts: disruptions. The site, HealthCare.Gov, is hosted on infrastructure maintained by Verizon subsidiary Terremark.
Website downtime and technical snafus are a serious concern because a single incident could cost businesses millions, according to a new Ponemon report issued this week. For example, a single disruption on Cyber Monday, the Monday after Black Friday, one of the busiest holiday shopping periods, could result in brand damage estimated at $3.4 million for one hour of downtime, according to the study issued by the Ponemon Institute. Reputation and brand can erode due to a variety of issues, the study found. The survey of 1,100 experienced IT practitioners in the U.S. and England identified the following problems, which can be alleviated with careful planning, system redundancy and security controls. Here are five of the costliest threats.
Denial-of-Service Attacks
Botnet and denial-of-service attacks are most likely to occur during the holiday season, according to the survey. The threat is likely to occur during high traffic days, making it difficult to detect and mitigate, according to survey respondents. The attacks are designed to bring down websites, but they can also be directed at specific web applications or services hosted by third-party providers, making it even more difficult to respond and get the problem fixed quickly.
The survey found that most respondents had either deployed technology to address denial-of-service attacks or had contracted with a third-party service provider to provide protection if an incident takes place during peak times.
Mobile Store Fraud
Cybercriminals manipulating mobile apps by creating phony rebates for products and services is also a serious concern, according to the IT practitioners surveyed by the Ponemon Institute. Coding errors could also come into play, giving people a way to game the app and manipulate the platform for financial gain. The problem stems from application logic flaws, errors in the way a transaction flows that are difficult to detect. The only real way to find them, according to security experts, is to hunt for logic flaws by hand.
Seventy-eight percent of those surveyed by Ponemon say mobile store fraud is more likely to occur on Cyber Monday. About half of those surveyed said they conducted a manual inspection of their websites and mobile applications in an attempt to detect application logic vulnerabilities.
Malware Attack On Mobile Access
Attackers can use malware or a phishing campaign to capture account credentials from users. Mobile malware is less likely to be a serious threat, but those surveyed by Ponemon said it was a serious concern. Sixty-six percent of respondents said it is more likely to occur during the holiday season. The study found that many firms hardened their identity and authentication systems to reduce the risk of a successful attack.
System monitoring can detect attempts to gain unauthorized access, password requirements can be strengthened and two-factor authentication can validate a user's identity. But a fine balance must be struck between security controls and customer usability, say IT security pros. Retailers want to ensure security controls disrupt the buying experience as little as possible, or the customer could turn elsewhere.
Click Fraud
A long-standing issue among advertising networks is click fraud, a method of gaming "clicks" for an advertising campaign in an attempt to reap a larger payout for the campaign. The Ponemon study found that IT practitioners thought the click fraud threat would increase during the holiday season. Some survey participants indicated that technology was deployed to detect malicious scripts and other techniques used to manipulate advertisements in click fraud attacks.
Testing Stolen Credit Cards
Cybercriminals who have either stolen a cache of credit card numbers or acquired them on a hacking forum often test them by charging a minimal amount against a retailer's payment systems, Ponemon said. The survey found that the activity is more likely to be carried out during peak shopping days in the holiday season, including Cyber Monday. Once active cards are validated, a mule is used to either withdraw funds from an ATM or make large purchases either at a retail location or via the retailer's ecommerce website. Sixty-six percent of those surveyed said it is difficult to detect.
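One way a retailer's monitoring can surface the card-testing pattern described above, as an added example that is not part of the original article or the Ponemon study: it flags any source that tries several distinct cards with minimal-amount charges inside a short sliding window. The record layout, thresholds, function name and sample transactions are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune against real traffic.
SMALL_AMOUNT = 2.00              # ceiling for a "minimal amount" charge
WINDOW = timedelta(minutes=10)   # sliding window per source
MIN_DISTINCT_CARDS = 4           # distinct cards from one source in the window

def detect_card_testing(transactions):
    """Flag sources that try many distinct cards with tiny charges.

    transactions: time-sorted (iso_time, source, card_token, amount, approved).
    Returns {source: {"at", "cards", "declined"}} for the first alert per source.
    """
    recent = defaultdict(deque)  # source -> (time, card_token, approved)
    alerts = {}
    for iso_time, source, card, amount, approved in transactions:
        if amount > SMALL_AMOUNT or source in alerts:
            continue             # large charges and already-flagged sources are skipped
        ts = datetime.fromisoformat(iso_time)
        window = recent[source]
        window.append((ts, card, approved))
        while ts - window[0][0] > WINDOW:   # drop attempts older than the window
            window.popleft()
        cards = {c for _, c, _ in window}
        if len(cards) >= MIN_DISTINCT_CARDS:
            declined = sum(1 for _, _, ok in window if not ok)
            alerts[source] = {"at": iso_time, "cards": len(cards), "declined": declined}
    return alerts

# Constructed sample data: documentation IP ranges and made-up card tokens.
SAMPLE = [
    ("2013-12-02T10:00:00", "203.0.113.7", "tok_a1", 1.00, False),
    ("2013-12-02T10:00:05", "198.51.100.20", "tok_z9", 1.50, True),   # ordinary shopper
    ("2013-12-02T10:01:10", "203.0.113.7", "tok_b2", 1.00, True),
    ("2013-12-02T10:02:30", "203.0.113.7", "tok_c3", 1.00, False),
    ("2013-12-02T10:03:00", "198.51.100.20", "tok_z9", 89.99, True),
    ("2013-12-02T10:03:45", "203.0.113.7", "tok_d4", 1.00, False),    # 4th card in 4 minutes
    ("2013-12-02T10:30:00", "192.0.2.44", "tok_q1", 0.99, True),      # 4 cards, but spread
    ("2013-12-02T10:50:00", "192.0.2.44", "tok_q2", 0.99, True),      # over an hour, so the
    ("2013-12-02T11:10:00", "192.0.2.44", "tok_q3", 0.99, True),      # window never holds
    ("2013-12-02T11:30:00", "192.0.2.44", "tok_q4", 0.99, True),      # more than one of them
]

if __name__ == "__main__":
    for source, detail in detect_card_testing(SAMPLE).items():
        print(source, detail)
```

The "source" key here is an IP address, but the same grouping works on a device fingerprint or customer account, and the slow-paced third source shows why a fixed window alone misses patient testers.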