Building a stronger website

Many online sellers are unprepared for the rush of traffic that comes in the holiday shopping season, but protection isn't hard.

Like many traditional players, Thai Postal Service has launched an e-commerce platform as a part of continuing efforts to evolve with the times.

The holiday shopping season is an exciting time for consumers as well as retailers looking to end the year on a high note. But it can also be stressful for online sellers if their websites, apps and infrastructure are not ready to deliver a secure and exceptional customer experience, according to Akamai Technologies.

Holiday season sales are not only getting bigger every year, but they are also becoming increasingly global events. From Black Friday in November to New Year sales and the days in between, retailers worldwide have been tapping into huge opportunities.

Online commerce is clearly leading the way, with the Electronic Transactions Development Agency forecasting that consumers in Thailand will spend 2.8 trillion baht before the year ends, up 9.9% from 2016. However, the more consumers use the internet to make online purchases, the more aware they need to be about how to shop securely and safely.

Jason Hatch, Akamai's senior director for product management and web experience in Asia Pacific and Japan, likes to use an analogy from television to explain why website operators need to be better prepared.

Hatch: Scaling is first and foremost

"Thinking about the shopping season, my imagination began to run and I couldn't help but think about the wall from Game of Thrones," he said. "The Brothers of the Night's Watch try in vain to hold back the massive force aligned against them only to see their battlements fall."

He says there are five things that the Night's Watch could have done to better protect against the "teeming mass" that was at their doorstep.

First and foremost is scale. The ability to scale a website against a burst in traffic is critical.

"In the case of the Night's Watch, they had controls in place that were dated," said Mr Hatch. "Let's be honest, they had an appliance in place that, while seeming formidable, wasn't able to scale under modern traffic loads.

"Your online retail presence needs to be able to weather the rush of shoppers, which can have the same effect as a denial of service attack if you're not prepared."

The second is to ensure all systems are patched to current controls, or have compensating controls in place. "Keeping the 'hygiene' of your systems current is a self-hammering nail. You don't want to make the attacker's job any easier," he said.

As a defender, the third point is to remain vigilant. The attacker will continue to test your defences until they can find a way to breach your systems. Keep constant watch for account takeover attempts to ensure shoppers' safety.

"Gathering intelligence on your adversary is an important exercise to make certain that you are prepared for threats, whether they are from massive numbers of shoppers stampeding to your website sale or from a large ill-tempered dragon," said Mr Hatch.

The fourth point is to encrypt customer information in a way that cannot be compromised by a third party. Websites might be putting their business at risk if they are leaving customer data exposed.

"While sending messages via raven might work for communications in the seven kingdoms, it's really ill advised to leave your customer data unencrypted, especially when you consider that the EU General Data Protection Regulation (GDPR) is looming on the horizon," he said.

Last but not least, website operators need to have an incident plan ready and tested. They need to establish that they will have staff ready to respond in the event of an outage or data breach. The company will want to have internal and external communications prepared to be certain that it can manage the narrative for all parties in case something goes awry.

"Hopefully, you will never need to put an incident response plan into effect, but an ounce of prevention is paramount," said Mr Hatch.
