we’re under attack! 

 

Christmas season sees the largest and most profitable traders start to gear up for the biggest sales season of the year. Online marketplaces like Amazon, eBay and AliExpress are looking to strengthen their sales throughout this critical sales period. 

 

In December 2017 the average weekly spend on Internet Retail was £1.1 Billion. A significant amount of transactions, but think about that even further... how much data is transferred during that period? Credit card numbers, address details and personal information, that’s a huge amount of data. Up until the past 18-24 months, you probably assumed that because a website had a ‘Padlock’ icon in the address bar, it’s secure. Have you ever asked what happens after the website is done with your transaction? What happens when you click ‘Order Now’? Where does your data go and is it secure?

 

let’s talk about GDPR

 

The padlock probably made you feel safe and secure as it indicates that you are visiting a genuine website. But what about App security? How do you know an App is secure? The simple answer is that you don’t. 

 

Take Uber for example. I love(d) Uber, it made travelling in London easily, I pressed a button in an App and I would be picked up and dropped off in no time without having to pay with any physical cash. However, it was recently revealed that Uber was hacked in October 2016 and attempted to cover it up. Over 57,000,000 records were breached and the company paid hackers to delete them and cover it up as a ‘bug bounty’. Imagine what data the hackers may still have and are not declaring? Your travel history, work and family addresses? All personal information that we hold dear and that has been compromised without public knowledge. 

 

A bug bounty is where tech companies ask hackers to find vulnerabilities within its software/platform in return for a substantial fee. However, as part of the payment, they must sign an agreement ensuring this information is never made public. 

 

Everyone assumes that your data is secure and nobody can access it. This, unfortunately, isn’t the case and it’s becoming more of a problem. Rather than a DDoS attack which is done with the intent of breaking a system and/or service. A Web Application attack is used to exploit a vulnerability in a system. Put simply, this can be compared to someone trying to break through your front door at home.

 

In the last Quarter of 2017 (July-Sept), more than 300 million Web Application Attacks were carried out worldwide. To put that into context, that equates to 2,240 attacks EVERY MINUTE!

 

why should we be concerned? 

 

Surely the people looking after our data, the CISO/CIO’s of this world are paid to do this? You would be right that they are but looking at the breakdown of these millions of attacks there is a statistic which is important:

 

“The No 1 source country for these attacks worldwide was the U.S, and the No 1 target country was the U.S. The number of attacks per target is up by 20% This means that attacks are becoming more persistent.” - theguardian.co.uk

 

Data security is one of the most talked about topics in IT right now and that will always be relevant. When you surf the web, buy your movies on Amazon or order your new boiler online, how much data are you giving away and how easy is it to piece it together?

 

You can’t prevent it when it is already broken, however, we can advise how to prevent it in the future. 

 

How vulnerable do you think you are?