How secure e-commerce sites can survive the crunch

Opinion by Rob Houghton

Listening to popular media, you could be fooled into thinking that retail is soon to be delivered a fatal blow by a failing capitalist system.

Many commentators are certainly making a good living from predicting the early demise of the high street. These aggressive forecasts do, however, hide a serious point. The retail industry is dealing with tightening consumer purse-strings and a drought in institutional funding, creating a financial squeeze from both ends. The pressure is on.

Retailers are increasingly being forced to innovate to stand out, and their web presence has become the front line for doing battle with competitors. With fewer people going out to shop, these sites are now effectively 24-hour flagship stores. The figures stack up too: against a backdrop of declining consumer spending, analysts estimate that online retail grew by around 18 per cent between 2010 and 2011 across Western Europe. In the five years between 2010 and 2015, US and European online retail will be worth nearly $450bn. To put this in context, this is more than the Gross Domestic Product of Colombia.

Taking this into account, it is no wonder that online retail is a combat zone. It is seen by many in the retail space to be the white knight of retail. Retailers are literally spending millions on technology designed to improve their internet presence. This is where speed has become a crucial factor.

In a broadband age, shoppers will not wait for sites to load and videos to buffer. A few seconds of patience are all even the biggest brands are gifted nowadays. Evidence supports this: Google's work in decreasing the average page-load size from 100kb to 80kb produced a ten per cent increase in visitors in the first week, and a 25 per cent increase in the following three weeks. More importantly, however, speed affects the bottom line. found that for every extra 10m/s a customer had to wait for a page to load, it lost one per cent of all sales. The figures are definitive.

Some of these factors are under the control of a retailer, and e-commerce sites have embarked on a diet, reducing average page-load times, or choosing technology that prioritises essential elements as they load. However, the one unknown variable outside of their control is that of the cyber criminal.

Lurking in cyberspace with an IP address no more real than their handle, shady groups of individuals with a network of bots can hold multinational retail companies to ransom. Three or four individuals who have only ever met on a forum can, given the right circumstances, cause thriving e-commerce companies worth billions of dollars to grind to a complete and utter halt.

This said, it is a lie to say that cyber criminals keep the majority of site managers awake at night. The multitude of tasks involved with keeping a well-trafficked online retailer running smoothly means that it is typically only when a site is under attack that this becomes a priority. However, when it does, it comes into sharp focus.

A sizable enough DDoS attack which brings a retail site down entirely obviously has the effect of stopping sales dead in their tracks. A dead site is the equivalent of rolling down the shutters on a network of shops. Customers cannot access the site and nothing can be sold. This simple fact becomes writ large in the CTO/CIO/site manager's mind, and the management team becomes involved. For a large e-commerce site, this can cost millions of pounds every day. The attack has become a business problem, rather than a technical one.

However, these headline figures often detract from the secondary impact of such attacks. As stated earlier, retailers are working hard to optimise websites with the aim of building customer loyalty and, increasingly important in a social media world, customer recommendation. A non-existent site will definitely sour relations with customers; however, arguably a site slowed to a crawl can do more long-term damage to the brand. Customers expect to have full control of their online shopping experience and a slow site struggling under the burden of a DDoS attack runs counter to this. This not only means the customer will bounce elsewhere, but, more importantly, they will have a negative perception of the company and will share this.

The multiplier effect of this is potentially immense. In fact, people's first port of call after experiencing a slow or dead website of a major retailer is often Twitter or Facebook. Such online critiquing can only serve to detract from the brand and, ultimately, the bottom line.

The economic climate means that those in charge of even the most technical parts of site management now have to think about doing everything possible to differentiate in order to drive revenues. What was once about technology is now increasingly about the customer experience and, by association, the brand. This is particularly the case when it comes to security strategy.

Security professionals at e-commerce sites need to be thinking in broad terms. This is not about protecting uptime figures and site speeds, but rather guarding brand value and, ultimately, keeping their employer competitive in the most vicious economic climate of modern times.

Rob Houghton is vice-president of products at Level 3

