We all know that Black Friday is one of the busiest shopping days of the year. Traditionally, it's the start of the Christmas shopping season and the day that retailers go from being in the red, or losing money, to moving into the black. A recent phenomenon is that the Monday following Black Friday is Cyber Monday, the day that kicks off the online shopping season and one of the busiest days for online retail transactions.
Online retailers will be at their most vulnerable on this day. Hundreds of thousands of transactions will take place and millions of dollars will turn to the cloud for additional capacity.
I recently interviewed Georg Hess, CEO and co-founder of Art of Defence, a company that makes Web application security products for the entire lifecycle. I asked Georg about his concern for cyber Monday. He shared the following:
"Recent research from Whitehat shows that 64% of websites currently have at least one serious vulnerability, the most prevalent being Cross-Site Scripting (XSS), and it takes the industry roughly 67 days to fix these web vulnerabilities. It is startling to think about what could happen during that time, especially those who are using the cloud as a back-up resource, as the holiday season is about 42 days long (6 weeks). Companies are putting themselves at risk if they do not protect their Web applications from these vulnerabilities."
Despite my best efforts to patch and protect my home computers, my son managed to pick up a piece of malware before I lent him one of my credit cards. For the past few years, I have let my kids do some Christmas shopping online on Cyber Monday. I am planning on passing this year. Besides dealing with the current issue with the credit card, I don't want to have to deal with my credit card number being stolen online as well.
Now, I don't want to cause any problems for online retailers. This is clearly my issue and I don't expect there to be any problems. However, I don't feel that most online retailers are prepared to shift capacity to the cloud and deal with security. For instance, Amazon has a service that will allow organizations to use their current infrastructure, firewalls and security tools, while connecting through a VPN. We have no historical data to reference on how organizations will do this year. Last year we had a few companies using the cloud. And a recent report by InformationWeek showed 66 percent of respondents surveyed have money in the budget for cloud computing. This year has seen an increase in cloud use and hackers trying to steal data from the cloud. We'll watch and see what the outcome is when the two trends meet.