Cost of fraud and online disruption
Cyber Monday represents an average 55 percent surge in daily online / mobile retail revenues, says a new study by RSA and the Ponemon Institute, and a corresponding surge in attacks drives hard losses, on average, as much as $500,000 per hour or $8,000 per minute.
66 percent of the respondents also expressed concern that disruption would result in customer churn that would damage reputation and brand and could push losses as high as $3.4 million from a single hour of disruption.
But while 64 percent of organizations see significant increases in attack activity, only 23 percent of attacks can be detected quickly and remediated, and nearly 70 percent of organizations do not take additional precautions in anticipation of increased attacks.
Additionally, with current capabilities, 51 percent say that they do not have real-time visibility into web traffic making it difficult to identify the root cause of such attacks – leaving only 23 percent feeling that most attacks can be quickly detected and remediated.
The report also identifies the top nine scenarios organizations will likely face approaching Cyber Monday with the vast majority categorizing these as difficult or very difficult to detect. In order of likelihood, the attack scenarios are:
- Botnet and Distributed Denial of Service (DDoS)
- App Store Fraud
- Mobile Access/Account Compromise
- Click Fraud
- Stolen Credit Card Validation
- eCoupon Abuse
- Account Hijacking
- Electronic Wallet Abuse
- Brand Promotion Hijacking.
“The competitive climate and the unpredictability of the economy does not leave organizations much margin for business error. Unfortunately, the stealth and savvy cybercriminals have advanced to a point where traditional security and fraud defenses on which businesses rely on are at best insufficient and at worst…obsolete,” commented Demetrios Lazarikos, RSA IT Threat Strategist.
“Business logic abuse hides in plain sight because it uses ‘legitimate’ processes for illegitimate gain. The problem requires universal visibility, a risk layered approach, and a new way of understanding the adversary. Isolating the outliers in crowd behavior that indicate attacks is critical for identifying malicious behavior and business logic abuse.”