Cyber Monday is always the Monday after Thanksgiving. In 2020, that date will be Monday, November 30. Are you ready?
No, we don’t mean ready to make a lot of online purchases. Or, from a retailer perspective, ready to process higher-than-usual data transaction volumes. Those are givens. Rather, are you prepared for a secure Cyber Monday?
Cyber Monday has grown significantly since its beginnings in 2005 as a marketing ploy to give smaller retailers with an online presence a chance to compete against brick-and-mortar retail giants (and Amazon, of course). In 2019, Cyber Monday racked up sales to the tune of $9.4 billion of spending, an almost 20% YoY increase from 2018. And, similar to Black Friday, the onslaught of deals now exceeds and extends beyond this one day. That said, Cyber Monday still exerts the strongest economic gravitational pull of any economic-centric “day” outside of China’s Singles Day (which takes place on November 11 each year).
The total Cyber Monday spend referenced above is based on data derived from more than a trillion visits to thousands of retail sites. It also includes transactional data from 80 of the top 100 U.S. online retailers. And, while there’s no way to know the exact amount of data involved, it’s safe to say that simply calling it enormous is a huge understatement.
Transactional data: into the vortex
So, what happens to all of the transactional data generated over Cyber Monday? The answer is… complicated.
Let’s start with the retail website where the data first gets collected.
In most cases, when you transact with an e-commerce store (i.e., provide payment for a cart of items), the payment data is tokenized and processed only by banks and credit card processors. The retailer, for compliance reasons, should not be holding on to any raw credit card data – only the token that references the data. Further, any Personally Identifiable Information (PII) – such as name and address – must also be carefully managed so as to comply with privacy laws. To understand customer behavior, the retailer has the payment information stripped, the PII is “anonymized” (i.e., given a random identifier or placeholder values that prevent identification – yet still provide a tie to your previous purchase behavior), and the rest of the transactional data (e.g., your Christmas gifts and quantities) is left to process.
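The stripping and “anonymizing” step described above, as an added example that is not from the original post or any retailer's code. It assumes a keyed HMAC-SHA256 of the customer's email as the stable identifier; the field names, key and sample orders are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical field names for an order record; a real schema will differ.
PAYMENT_FIELDS = {"card_token", "card_last4", "billing_zip"}
PII_FIELDS = {"name", "email", "address"}


def pseudonym(email: str, key: bytes) -> str:
    """Keyed, stable identifier: the same customer always maps to the same
    value, but it cannot be recomputed from the email without the key."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def to_analytics_record(order: dict, key: bytes) -> dict:
    """Drop payment fields and PII, keep the basket, attach the pseudonym."""
    kept = {k: v for k, v in order.items()
            if k not in PAYMENT_FIELDS and k not in PII_FIELDS}
    kept["customer_id"] = pseudonym(order["email"], key)
    return kept


def unkeyed_digest(email: str) -> str:
    """Weak variant for contrast: anyone with a known email can recompute it."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()[:16]


# Constructed sample data (not real customers, tokens or keys).
KEY = b"constructed-demo-key-keep-real-keys-in-a-secret-store"
ORDERS = [
    {"order_id": 1001, "name": "Pat Example", "email": "Pat@example.com",
     "address": "1 Sample St", "card_token": "tok_constructed_1",
     "card_last4": "0000", "items": [{"sku": "SCARF-01", "qty": 2}]},
    {"order_id": 1002, "name": "Sam Sample", "email": "sam@example.org",
     "address": "2 Sample Ave", "card_token": "tok_constructed_2",
     "card_last4": "0000", "items": [{"sku": "MUG-07", "qty": 1}]},
    {"order_id": 1003, "name": "Pat Example", "email": " pat@example.COM ",
     "address": "1 Sample St", "card_token": "tok_constructed_3",
     "card_last4": "0000", "items": [{"sku": "GLOVE-03", "qty": 1}]},
]

if __name__ == "__main__":
    for order in ORDERS:
        print(to_analytics_record(order, KEY))
```

Whoever holds the key can re-link a record to a known email address, so the key needs the same protection as the PII it replaces.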
From here, to perform the analysis, the vendor either “transforms” the data into a format their database works with and loads it into the database (ETL), or loads and then transforms it (ELT) — mashing it with all of your purchase history and the histories of millions of others. There are literally hundreds of database and data analysis solutions and platforms on the market, running from legacy systems like Oracle and hot new unicorns like Snowflake to open source stalwarts like MySQL…and everything in-between.
At the same time data is being collected, the vendor – unless prohibited by your browser settings – leaves a tracking mechanism behind in your browser, typically a cookie but sometimes an even more invasive method like cross-device tracking that has all sorts of marketing uses. Once a vendor can track your purchasing preferences and other online actions, you become a prime target for ads, emails, and all sorts of marketing efforts, as we are all (sometimes painfully) familiar with.
While there are regulations (such as GDPR in Europe and CCPA in California) that place restrictions on how data – like PII – is used and who can access it, it’s still more “Wild West” than “buttoned-up” when it comes to companies using and profiting from consumer data. That’s something we are all going to have to live with for the foreseeable future.
From the business perspective, e-commerce transaction/revenue increases like those found on Cyber Monday are a godsend. This is especially true for small and medium-sized businesses (SMBs) that don’t have the brick-and-mortar locations and marketing resources that retail behemoths do. And technology has gotten to the point today where even a neighborhood restaurant can get up and running with a database solution in minutes, rather than being unable to afford an on-premises, legacy database install as in the old pre-cloud days. They can even do important marketing activities like email campaigns for free.
All of the above scenarios run on today’s new “oil” – data. All that value, of course, comes with risks and threats.
Hey, consumers – it’s scary out there
As a consumer, once you supply your personal information to any website or app, it becomes a potential target for hackers. While most vendors try to act responsibly with customer data and keep it secure, many do not. But even if a company does its best to protect your personal information, that doesn’t mean it won’t be hacked and used by bad actors. There are numerous examples of this, but famous ones like the Equifax breach from a few years ago – where 147 million people had their personal information stolen – are never that far from the news cycle.
There are also more direct security threats to deal with, such as phishing scams, ransomware attacks and plain old-fashioned malware.
In phishing and spear phishing scams, individuals get an unsolicited email (often personalized, seemingly from someone they know) asking for personal information and/or money. These emails go to personal and business addresses alike. Particularly nefarious is the spear phishing flavor of this threat, where the attacker adds more personalization and makes it tougher to detect as an attack.
Ransomware – where data is seized or some threat is made, such as locking down a critical system or exposing the data – goes after money and is no longer just a business concern, as attackers have expanded to individuals.
Malware includes ransomware and a whole host of other scary threats like viruses, spyware, adware, and the like.
Hey, SMBs – it’s scary out there
SMBs are subject to the same cyber threats as consumers year-round, not just with heightened Cyber Monday activity. They also have more data and valuable information than individuals, so the number of attacks is higher, the attackers are more relentless, and there are more and different types of threats to worry about. Some of these include:
- Data loss and compromise
- Costs related to damages and data recovery
- Business downtime
- Loss of external party trust (customers/partners/suppliers)
- Loss of employee trust
- Loss of business viability
This blog post on the subject of “How Cyber Awareness Can Save Your Company” takes a deeper dive into these cyber threats if you’re interested in learning more.
Cyber Monday is coming – are you ready?
If you’re not feeling as secure as you’d like ahead of diving into the Cyber Monday deals or, for SMBs, having your IT stack ready for the spike, then there’s still time to change that equation. Even if you do feel secure, there’s always room for improvement. Always. There is no strategy or solution that is 100% impenetrable. It’s really about managing risk in a smart, purposeful way.
If you are a consumer:
- Research and acquire antivirus and/or antimalware software
- Research sites that you haven’t used before that are not well-known – it’s a jungle out there!
- Make sure the site you are about to make a purchase on is secured and encrypted (via SSL issued by a reputable certificate authority — represented by a lock icon/“https” prefix in the address bar of your browser)
- Save all confirmation messages and receipts
- Strengthen your passwords
- Check your credit card statement regularly and/or set up credit card alerts with your bank
For SMBs and other businesses experiencing Cyber Monday from the other side of the proverbial looking glass:
- Use Cyber Monday as a forcing function to thoroughly assess your customer database and other IT infrastructure security
- Stay current with your security software
- Have procedures in place to deal with consumer data breaches
- Educate your employees on security best practices and how to avoid attacks like phishing
And last, but certainly not least – protect your data by backing it up and ensuring it’s recoverable in case of a disaster like the situations described above.
Whatever you do, have a BDR solution ready ahead of the Cyber Monday chaos
Along with the bottom-line impact of Cyber Monday’s sales on your company’s revenue stream, the data you gather from the day itself and surrounding days brings the most value. That’s why it’s critical to have a backup and disaster recovery (BDR) plan – and solution – in place.
In addition to the cyber attacks that hit many SMBs, the additional site traffic and transaction volume can lead to self-inflicted damage such as insufficient IT resources failing at the worst possible moment and resulting in downtime. In a recent survey about the costs of downtime, 37% of SMB respondents lost customers and 17% lost revenue. The survey also reported that software failure (53%) and cybersecurity issues (52%) were the most common downtime causes, followed by hardware failure (38%), human error (36%), natural disaster (30%), and/or hardware theft (24%).
Comprehensive data protection powered by BDR is readily available and can even be tailored to specific industries, use cases and IT environments.
The unstoppable train that is Cyber Monday rolls on
For an event that has been around less than 20 years, Cyber Monday’s importance to retail is immense. It’s also growing, as the chart below shows.
Source: Adobe Analytics
It’s not a stretch to predict that $10 billion is the floor for this year, and the total will likely be much higher.
Cyber Monday’s benefits are enticing. For consumers, there are great deals to be had and near-limitless options available via online shopping. For businesses, it’s one of the best opportunities to juice your sales numbers and pick up new customers that you can then turn into repeat customers.
The threats are out there – external and internal – and some of the most common have been outlined above. The bad news is that the malevolent actors, as they always do, see events like Cyber Monday as an opportunity to go after consumers and businesses alike with tried-and-true approaches like phishing along with newer and more sophisticated attacks such as ransomware and cloud-jacking. The good news is that there are strategies and solutions available that are proven to keep most attackers at bay, ensure your data is backed up and recoverable in case of disaster, and ultimately help lead to a successful day. It is possible to shop Cyber Monday deals and protect valuable personal information at the same time.
So, now with some Cyber Monday context and advice in hand, the question from the beginning of this post remains: are you ready? Happy – and safe – cyber shopping and holidays!