Holiday season to put security to ultimate test

This holiday season will put many IT teams to the ultimate test as more shoppers than ever buy gifts online, in part to help combat the spread of the COVID-19 pandemic. The challenge is that a global survey of 2,600 consumers conducted by OpSec, a provider of authentication tools, suggests those shoppers are also a lot more security conscious in the wake of the COVID-19 pandemic.

The survey finds 46% of respondents said they now check whether an e-commerce site has an SSL certificate. Over half (54%) said they also evaluate a site by reputation, with 23% investigating the brand on social media.

Much of that activity is being driven by the simple fact that 86% of consumers report they have been a victim of identity theft, credit/debit card fraud, or a data breach this past year. Not surprisingly, there’s a lot less confidence in shopping online. Nearly two-thirds (63%) said they are specifically concerned about cybercriminals stealing their personal details during the online shopping process, while 58% are more concerned about the possibility of scammers actually stealing their money.

Of course, cybersecurity professionals are ultimately tasked with restoring that confidence. A separate survey of 300 technology professionals at e-commerce organizations with 1,000 employees or more, conducted by xMatters, suggests that may be a significant challenge for many organizations. Well over a third of respondents identified protecting customer data (38%) as their top challenge, followed by maintaining service availability during peak traffic times (35%) and dependency of and reliance on third-party systems (19%).

A majority (69.4%) also noted they have experienced increased complexity in and around the functionality of new systems, the survey finds.

Increasing cybersecurity complexity

Complexity, of course, is the enemy of cybersecurity. The more layers of software and infrastructure there are, the larger the attack surface that needs to be defended becomes. Cloud-native technologies such as microservices built using containers and serverless computing frameworks, for example, require additional levels of security. Not all those technologies have been thoroughly vetted, so organizations that make use of these technologies should not be surprised when new vulnerabilities are discovered in the weeks ahead.

Regardless of the underlying platforms and technologies employed, cybersecurity professionals that work for online retailers are once again going to be put to the test this holiday season. The issue is that as the level of traffic and transactions increase so too does the potential for everything from malware infestation to outright fraud. Cybersecurity teams are being asked to significantly up their game at a time when many of them were short-staffed even before the level of online transactions began to escalate after the pandemic began.

There is, of course, no such thing as perfect security. Selling anything online assumes a level of risk that any business needs to be comfortable with. Otherwise, they probably shouldn’t be online in the first place. The real issue is determining precisely what that level of risk is given all the potential rewards for the business.