Holiday shopping is in full swing, as evidenced by the two giddy customers sitting next to me at Starbucks the other day. One got a camping tent for 30% off, and the other took advantage of free shipping on a massive bucket of cheese popcorn. While I secretly shared their exuberance, especially for the massive bucket of cheese popcorn, I quickly went into cybernerd mode and thought about the risk they were exposing themselves to. Announcing their shopping activity to a room full of strangers, entering their credit card details over an unsecured public Wi-Fi network, and leaving their screens unattended while going back for seconds on decaf (which, by the way, I totally get – who doesn’t deserve a little reward for saving money on cheese popcorn?)…it was approaching a perfect storm of online shopping taboos.
That was just two people at a Starbucks on a lonely Tuesday night. Consider that, according to RetailMeNot, more than 56% of American consumers planned to make a purchase on Cyber Monday this year, an increase of almost 17% over last year. Last year, consumers spent more than $9 billion online over the Thanksgiving weekend, and that number grows every day as we get further into the high season for shopping. More shoppers using more credit cards on more websites is a field day for attackers, and organized groups of cybercriminals will approach it strategically.
Tripwire conducted a survey of IT security professionals and discovered that only 28% have a fully tested and ready-to-employ plan for dealing with security breaches. Of the surveyed respondents, 29% have no plan at all, and another third have no system or plan for notifying customers within 72 hours of a security issue (72 hours is GDPR’s deadline for reporting a personal-data breach to the supervisory authority, for those keeping score at home; affected individuals must be told without undue delay when the breach puts them at high risk). This may seem unacceptable, but it’s reality, and it highlights the fact that retailers have to do their part to ensure their environments are safe and customer data is protected.
This season will be busy for everyone responsible for online retail operations, but you don’t have to miss the holiday cheer while hunched over a computer, stressed about where the risks are. If you aren’t already doing the following, it is highly encouraged that you quickly put a set of actions and practices in place to fix potential threat sources before the extra traffic turns them into a problem:
Revisit incident response guidelines
It’s important that you review and share your organization’s incident response plan for security and compliance issues with your team. It’s best if that plan is built on automated remediation: when a threat is detected and confirmed as a critical issue, an AWS Lambda function is triggered immediately and runs a “snap & destroy” routine. It snapshots the affected instance’s volumes so the evidence is preserved, isolates the instance so it can no longer talk to anything, and then terminates it. The compromised asset is out of commission, the issue is contained, and the whole sequence took, maybe, five minutes.
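The responder below is an added example written for this article; it is not the author’s code or any vendor’s product, just an illustration of the “snap & destroy” sequence described above. It assumes a pre-created quarantine security group with no inbound or outbound rules (the `sg-` id is made up), and the hypothetical Lambda wiring assumes a GuardDuty finding delivered via EventBridge, where the instance id sits at `detail.resource.instanceDetails.instanceId`. The `ec2` argument is anything that exposes the boto3 EC2 client method names used, so the ordering logic can be exercised offline with the constructed `FakeEC2`; in a real Lambda you pass `boto3.client("ec2")`.

```python
"""Snapshot, isolate, then terminate a compromised EC2 instance.

Order of operations is the whole point:
  1. preserve evidence  (snapshot every attached EBS volume),
  2. isolate            (swap the instance into an empty security group),
  3. destroy            (terminate, and only once the snapshots exist).
"""
from __future__ import annotations

QUARANTINE_SG = "sg-0123456789abcdef0"  # assumption: SG with no inbound/outbound rules


def snapshot_and_quarantine(ec2, instance_id: str,
                            quarantine_sg: str = QUARANTINE_SG,
                            terminate: bool = False) -> dict:
    """Preserve, isolate, then optionally terminate one EC2 instance."""
    desc = ec2.describe_instances(InstanceIds=[instance_id])
    inst = desc["Reservations"][0]["Instances"][0]
    volume_ids = [m["Ebs"]["VolumeId"]
                  for m in inst.get("BlockDeviceMappings", []) if "Ebs" in m]

    # 1. Preserve: one snapshot per attached volume, tagged back to the incident.
    snapshot_ids = []
    for vid in volume_ids:
        snap = ec2.create_snapshot(
            VolumeId=vid,
            Description=f"IR evidence: {instance_id} {vid}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "IncidentInstance", "Value": instance_id}]}],
        )
        snapshot_ids.append(snap["SnapshotId"])

    # 2. Isolate: replacing the security groups drops the box into the quarantine
    #    group's empty rule set, but leaves it running for a responder who wants
    #    memory or a live look before it is destroyed.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    ec2.create_tags(Resources=[instance_id], Tags=[{"Key": "Quarantine", "Value": "true"}])

    # 3. Destroy: never before step 1 has completed.
    if terminate:
        ec2.terminate_instances(InstanceIds=[instance_id])

    return {"instance_id": instance_id, "snapshots": snapshot_ids,
            "isolated": True, "terminated": terminate}


def lambda_handler(event, context):
    """Hypothetical entry point for a GuardDuty finding forwarded by EventBridge.
    GuardDuty severity 7.0 and above is 'High'; only then do we auto-destroy."""
    import boto3  # imported lazily so the module also runs without boto3 installed
    instance_id = event["detail"]["resource"]["instanceDetails"]["instanceId"]
    severity = event["detail"].get("severity", 0)
    return snapshot_and_quarantine(boto3.client("ec2"), instance_id,
                                   terminate=severity >= 7)


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client: records calls in order."""

    def __init__(self, volumes):
        self.volumes = volumes
        self.calls = []

    def describe_instances(self, InstanceIds):
        self.calls.append("describe_instances")
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "BlockDeviceMappings": [{"DeviceName": f"/dev/sd{chr(97 + i)}",
                                     "Ebs": {"VolumeId": v}}
                                    for i, v in enumerate(self.volumes)]}]}]}

    def create_snapshot(self, VolumeId, **kwargs):
        self.calls.append("create_snapshot")
        return {"SnapshotId": VolumeId.replace("vol-", "snap-", 1)}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append("modify_instance_attribute")

    def create_tags(self, Resources, Tags):
        self.calls.append("create_tags")

    def terminate_instances(self, InstanceIds):
        self.calls.append("terminate_instances")


if __name__ == "__main__":
    fake = FakeEC2(["vol-aaa111", "vol-bbb222"])
    print(snapshot_and_quarantine(fake, "i-0deadbeef", terminate=True))
    print(fake.calls)
```

The Lambda role needs only `ec2:DescribeInstances`, `ec2:CreateSnapshot`, `ec2:CreateTags`, `ec2:ModifyInstanceAttribute` and `ec2:TerminateInstances`; keeping `terminate` off by default means a false positive costs you an isolated instance, not a destroyed one.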
The important thing, however, is that your team knows how to respond when an issue surfaces. There is a combination of action, communication, escalation, and reporting that has to happen, and speed is critical.
Check permissions on public-facing data
Your environment has to be open in order to do business, and security in your cloud is fully your responsibility. But questions linger as to which resources and data should be restricted, and as your environment changes, so must your policies. The holidays aren’t the time for sweeping changes or new policy rollouts, but you should identify where data about your operations may be exposed. If you have access permissions that are globally open (a wildcard principal in a resource policy, a world-readable bucket, a security group open to 0.0.0.0/0), it’s time to update your user roles and access policies.
Review AWS S3 bucket policies
Many recent high-profile breaches have occurred because an organization’s AWS S3 buckets had improperly configured permissions. The result is that data is available to people who shouldn’t have it, and because nobody is aware of the settings, nobody notices that sensitive data is being accessed until it’s too late. At a time like the holidays, when traffic in and out of your environment is on hyperdrive and infrastructure changes happen quickly, it’s a good idea to do a comprehensive review of every S3 bucket’s configuration: bucket policies, ACLs, and public access settings. Review and enforce access according to AWS best practices and your own organization’s, and lock down buckets where necessary. Doing this now is a smart preventive measure for the immediate holiday season, but it’s also something your team should always be doing, and starting now sets them up for a continuous practice.
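To make the review concrete, here is an added example (not the article’s or any vendor’s code) that checks the three places an S3 bucket can become public: the bucket policy (an Allow to Principal "*" or {"AWS": "*"} with no narrowing Condition), the bucket ACL (grants to the AllUsers or AuthenticatedUsers groups), and Block Public Access, which overrides both when fully enabled. It also covers the previous section’s point about globally open permissions, since the same wildcard-principal test applies to any resource policy (SQS, KMS, Lambda, and so on). Inputs are the dicts boto3 returns from `get_bucket_policy` (after `json.loads` of the `Policy` string), `get_bucket_acl`, and `get_public_access_block` (`None` when no configuration exists); the bucket name, account id and role below are constructed.

```python
"""Offline S3 exposure review: policy, ACL and Block Public Access."""
import json

PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(v):
    if v is None:
        return []
    return v if isinstance(v, list) else [v]


def _principals(p):
    """Normalise a Principal element to a list of AWS principal strings."""
    if p == "*":
        return ["*"]
    if isinstance(p, dict):
        return _as_list(p.get("AWS"))
    return []  # Service / Federated principals are not 'everyone'


def statement_is_public(stmt):
    """True for an Allow any AWS identity or anonymous caller matches.
    A Condition (aws:SourceVpce, aws:SourceIp, ...) narrows the audience, so a
    conditioned wildcard is reported separately for a human to verify."""
    if stmt.get("Effect") != "Allow":
        return False
    if "*" not in _principals(stmt.get("Principal")):
        return False
    return not stmt.get("Condition")


def review_bucket(name, policy, acl, public_access_block):
    findings = []
    for stmt in (policy or {}).get("Statement", []):
        actions = ", ".join(_as_list(stmt.get("Action")))
        if statement_is_public(stmt):
            findings.append(f"policy: public principal may {actions}")
        elif "*" in _principals(stmt.get("Principal")) and stmt.get("Condition"):
            findings.append(f"policy: wildcard principal scoped by Condition for {actions} (verify)")
    for grant in (acl or {}).get("Grants", []):
        g = grant.get("Grantee", {})
        if g.get("Type") == "Group" and g.get("URI") in PUBLIC_ACL_GROUPS:
            findings.append(f"acl: {g['URI'].rsplit('/', 1)[1]} granted {grant['Permission']}")
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    blocked = all(pab.get(k) for k in BPA_KEYS)
    if not blocked:
        findings.append("block-public-access: not fully enabled")
    # A public policy/ACL is only reachable when Block Public Access is not enforcing.
    exposed = any(f.startswith(("policy: public", "acl:")) for f in findings)
    return {"bucket": name, "public": exposed and not blocked, "findings": findings}


# Constructed sample: the bucket as the breaches in the text describe it ...
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "LetEveryoneRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shop-exports/*"}]}""")
WEAK_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}]}
# ... and the same bucket after lockdown (role and account id are made up).
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "ExportReaderOnly", "Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExportReader"},
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shop-exports/*"}]}""")
HARDENED_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                            "Permission": "FULL_CONTROL"}]}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in BPA_KEYS}}

if __name__ == "__main__":
    print(review_bucket("shop-exports", WEAK_POLICY, WEAK_ACL, None))
    print(review_bucket("shop-exports", HARDENED_POLICY, HARDENED_ACL, HARDENED_PAB))
```

Run it across `list_buckets()` output and treat `public: True` as a page-the-on-call finding; the “scoped by Condition” and “not fully enabled” lines are review items, not emergencies.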
Be vigilant about common hacks
You’ll already be seeing large amounts of data moving in and out of your repositories, so you and your team will need to rely on monitoring that data for the more common types of breach activity: injection of malware or ransomware, access to misconfigured servers and repositories, DDoS attacks, brute-force attacks against logins, and a variety of other malicious activity. Your team will be busy just keeping the environment available and performing well, so ideally a continuous monitoring solution alerts you to misconfigurations and suspicious activity that create risk for your organization.
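As an added illustration of what that monitoring looks like for one item on the list, here is a brute-force detector written for this article (not the author’s or any product’s detection logic) run over constructed CloudTrail-style ConsoleLogin records. It flags a source IP that produces `THRESHOLD` failed logins inside a sliding `WINDOW`, and escalates when the same IP then logs in successfully, which is what separates a noisy scanner from a probable account takeover. Field names follow CloudTrail’s ConsoleLogin event (`eventName`, `sourceIPAddress`, `userIdentity.userName`, `responseElements.ConsoleLogin` of "Success" or "Failure"); the IPs, user names and timestamps are made up.

```python
"""Sliding-window brute-force detection over CloudTrail ConsoleLogin events."""
from collections import defaultdict, deque
from datetime import datetime, timezone

THRESHOLD = 5    # failed logins from one source IP ...
WINDOW = 120     # ... within this many seconds


def _ts(s):
    """CloudTrail eventTime is ISO-8601 UTC, e.g. 2018-11-26T10:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return alerts in time order: 'medium' when a source IP crosses the failure
    threshold inside the window, 'high' when that same IP then logs in."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["eventTime"]):
        if e.get("eventName") != "ConsoleLogin":
            continue
        ip, t = e["sourceIPAddress"], _ts(e["eventTime"])
        outcome = e.get("responseElements", {}).get("ConsoleLogin")
        user = e.get("userIdentity", {}).get("userName", "?")
        q = recent[ip]
        while q and (t - q[0]).total_seconds() > window:
            q.popleft()                       # expire failures that left the window
        if outcome == "Failure":
            q.append(t)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)               # alert once per IP per burst
                alerts.append({"severity": "medium", "ip": ip, "user": user,
                               "time": e["eventTime"],
                               "reason": f"{len(q)} failed console logins within {window}s"})
        elif outcome == "Success" and ip in flagged:
            alerts.append({"severity": "high", "ip": ip, "user": user,
                           "time": e["eventTime"],
                           "reason": "successful login from an IP that just brute-forced"})
    return alerts


def _login(time, ip, user, outcome):
    """Build a minimal constructed ConsoleLogin record."""
    return {"eventTime": time, "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": outcome}}


SAMPLE_EVENTS = [
    # an attacker at 198.51.100.7 hammers one account, then gets in
    _login("2018-11-26T10:00:00Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:00:15Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:00:30Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:00:45Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:01:00Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:01:15Z", "198.51.100.7", "ops-admin", "Failure"),
    _login("2018-11-26T10:02:00Z", "198.51.100.7", "ops-admin", "Success"),
    # a forgetful employee: two failures forty minutes apart, then success, no alert
    _login("2018-11-26T09:00:00Z", "203.0.113.5", "jdoe", "Failure"),
    _login("2018-11-26T09:40:00Z", "203.0.113.5", "jdoe", "Failure"),
    _login("2018-11-26T09:40:20Z", "203.0.113.5", "jdoe", "Success"),
    # unrelated API activity is ignored
    {"eventTime": "2018-11-26T10:00:10Z", "eventName": "ListBuckets",
     "sourceIPAddress": "192.0.2.9"},
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

Keying on source IP rather than user name catches password spraying across many accounts as well as hammering on one; the “high” alert is the one worth paging on, because it means a credential is already in the attacker’s hands.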
Hopefully this is a happy, healthy, and profitable holiday season for you and your business. At the same time, I also wish for you no more stress than you’ll already have on your plate, and with just a few steps, you can remain mostly free from worry and maintain a safe, secure state for your business and your customers.