Under Attack?
Search
Menu

The Stages of Online Business Transformation Come With Benefits… and Risks

By Ben DesjardinsMarch 31, 2016

As a father of teenaged children, I sometime marvel at the level of network-connectedness of that younger generation. It is fair to say that for these and future generations, it will be next-to-impossible to be a productive member of society without surrendering to the myriad social media applications and other online platforms.

Our transformation to a fully-connected society is similar in many ways to the transformation business has gone through over the past 15-20 years, ultimately leading to a state where no business can exist today without having at least started down the path of becoming an online business.

The notion of the ‘online business’ was born in the mid-to-late 1990’s largely as brick-and-mortar stores took to the new platform of the World Wide Web. In 1999, the online sales of products sold through physical stores totaled approximately $20 billion, or nearly two-thirds of all sales on the Web. Today, ecommerce sales in the U.S. alone are over $335 billion, and are projected to increase to $523 billion by 2020.

But the idea of the online business is by no means limited to ecommerce today. The emergence of Software-as-a-Service, online transactional platforms and social media have extended the idea of a business run, or services delivered, largely online to a wider array of industries.

[You might also like: Securing Online Assets: Four Steps to Protect Your Online Business]

Stages of Connectedness

Businesses can be loosely categorized into different stages or phases of online transformation. The earliest stages would include adoption of online tools and resources to increase employee productivity and mobility. Few if any businesses haven’t made this leap.

Second phases of the transformation into an online business would be characterized by the use of online services or platforms to support partner or customer engagement or interaction. The extension of internal business processes to the outside world via the Internet in many ways represents the tipping point for broader exposure and risk.

Third phase would include deployment and management of online transactional platforms that become critical for revenue generation. Clearly any business engaged in ecommerce would fall into this category, as would financial services organizations conducting online transactions.

The final phase would be organizations needing to support globally deployed websites or applications reliably and securely to deliver services. This is a particularly important step as it comes with the need to make IT assets broadly available to the public, yet maintain security and protection of sensitive data.

Each of these phases comes with increased benefits but also increased threats from cyber-security. Organizations from online retailers (ecommerce), financial services, online gaming, social media or entertainment, and even the travel industry have transformed the way they do business and in so doing have become increasingly network-dependent. We look at protecting online businesses differently from others due to the unique nature and the heightened level of impact felt from cyber-security threats.

Targeted threats against online business

For online businesses, cyber-security threats pose particular risk as attackers seeking to take advantage of the knowledge that these businesses cannot afford downtime or loss of customer trust. In providing protection for a wide array of online businesses, Radware has a broad perspective on these threats. There are some common characteristics of the threats and the way online businesses respond to the risk they pose:

  • Sensitivity to website/service availability: for any business, downtime of websites or online services is bad. But for online businesses, the translation into revenue loss is direct and immediate. As a result, online businesses need to stay vigilant against the category of attacks that threaten service/site availability, such as DDoS attacks.
  • Risk posed by customer data loss: Online transaction fraud costs industry an estimated $3.5 billion annually. Much of this activity is attributed to the theft of consumer credit card information breached by application attacks that exploit online business applications.  The impacts of transaction fraud also extend beyond the immediate transactions. Consumers consistently say that if their sensitive data is breached, they will likely no longer conduct business with that merchant.
  • Sensitivity to latency: while downtime costs are obvious, it can be easy to overlook the impact on performance degradation. Any sources of latency, whether you’re talking about attacks or implementation of security controls, can have a significant impact. According to recent studies, 40% of customers now will wait 3 seconds or less before moving on to a competitor site, meaning the impact of performance loss is extremely tangible for online businesses.
  • Threat of encrypted attacks: Attacks leveraging encrypted traffic as an attack vector are on the rise, further challenging many of the cyber threat solutions currently in place. Most cyber-attack mitigation technologies do not actually inspect SSL traffic, as it requires decrypting the encrypted traffic. Online businesses need to ensure solutions can address the needs of high capacity mitigation, support all common versions of SSL and TLS, and can isolate suspicious encrypted traffic using behavioral analysis to limit legitimate user impact.

[You might also like: Your Risk Checklist to Protect Against Online Business Cyber Security Threats]

There are many ways organizations can look to protect themselves.  Large companies may have extensive security teams dedicated to implementing and managing the optimal security controls for their network.  In this type of environment, you are likely looking for the most comprehensive security technologies to support you.

However, not all organizations can afford to hire large security teams, but their need for cyber security protection is still as real and relevant.  For this kind of environment, you should seek out a security vendor that has extensive experience providing Online Business Protection to a wide array of customers in the core industries that make up the loosely defined segment.  You want this partner to be able to handle all kinds of attacks, from application DDoS, to volumetric floods, to SSL-based and other encrypted attacks, and more. You may also want a partner with the expertise to provide security as a managed service, minimizing impact on existing security resources.

Look for a solution provider that can build tailored architectures that map to the growing and evolving needs for protection. Three common architectures are defined in our new ebook, Opportunities, Threats and Security Strategies for Online Business. While ultimately the solutions architectures can be customized based on needs, these architectures have served a mix of customers well over the year. I encourage you to consider where you sit on the online business spectrum, and how enhanced security can help provide protection for critical network-based services.

online_services_down

Download the eBook “Opportunities, Threats and Security Strategies for Online Business” to learn more.

Download Now

Posted in: Attack Types & Vectors DDoS Security SSLTags:

Ben Desjardins

Ben Desjardins drives the development of vertical and use-case specific solutions for Radware’s Security Product Portfolio. In this role, Ben focuses extensively on the competitive landscape for anti-DDoS, WAF and anti-scraping technologies. Ben has extensive experience across a wide array of security technologies and disciplines, including DDoS, DNS, SSL, Threat/Vulnerability Management, IAM and PCI-DSS and he brings nearly two decades of marketing management experience to his work at Radware, including over 12 years focused on the information security and cyber threat arenas. Additionally, Ben has led global go-to-market efforts across many industries including retail, Ecommerce, financial services, public sector and healthcare/life sciences.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?