The cost of fraud and online disruption coincident with Cyber Monday has been revealed in a new RSA study conducted with the Ponemon Institute.
As the holiday season approaches, Cyber Monday, the Monday after Thanksgiving poses a threat to retail organisations. They should prepare for what should be a daily revenue surge that respondents in the study calculate as an average of 55%.
Respondents also expressed concern that a corresponding surge in attacks in these timeframes puts those business gains at risk, with losses on average of as much £300,000 per hour, or £5,000 per minute.
The issue becomes more troubling as 66% expect that disruption would result in customer churn that would damage reputation and brand and could push losses as high as £2.1 million from a single hour of disruption.
Organisational preparedness and action is lacking, as 64% of organisations see significant increases in attack activity, but more than 70% of organisations do not take additional precautions in anticipation of increased attacks.
Additionally, with current capabilities, 51% say that they do not have real-time visibility into web traffic making it difficult to identify the root cause of such attacks – leaving only 23% feeling that most attacks can be quickly detected and remediated.
The report also identifies the top nine scenarios organisations will likely face approaching Cyber Monday with the vast majority categorizing these as difficult or very difficult to detect. In order of likelihood, the attack scenarios are:
Botnet and Distributed Denial of Service (DDoS)
App Store Fraud
Mobile Access/Account Compromise
Click Fraud
Stolen Credit Card Validation
eCoupon Abuse
Account Hijacking
Electronic Wallet Abuse
Brand Promotion Hijacking
Demetrios Lazarikos, IT threat strategist, RSA, The Security Division of EMC, said: "The competitive climate and the unpredictability of the economy does not leave organisations much margin for business error. Unfortunately, the stealth and savvy cybercriminals have advanced to a point where traditional security and fraud defenses on which businesses rely on are at best insufficient and at worst….obsolete.
"Business logic abuse hides in plain sight because it uses ‘legitimate’ processes for illegitimate gain. The problem requires universal visibility, a risk layered approach, and a new way of understanding the adversary. Isolating the outliers in crowd behavior that indicate attacks is critical for identifying malicious behavior and business logic abuse."