Holiday shopping
How to avoid hits to network security,
worker productivity and bandwidth
availability when employees shop on the job
By Tim Clark
Partner and Senior Analyst
October 2012
Cyber Monday—the Monday after Thanksgiving—is the biggest online shopping day of the
year. Employees who shop online are less productive, steal bandwidth away from
legitimate business applications, and open broader channels for malicious attacks on
the corporate network. Cyber-criminals know where to find holiday shoppers (hanging out in
online storefronts or looking for too-good-to-be-true offers), and they will follow shoppers
back to their network for nefarious purposes.
Holiday shopping: the tsunami builds
In 2010, Cyber Monday sales topped $1 billion for the first time and became the biggest online
shopping day of the year. Cyber Monday sales in the U.S. now outpace online sales on Black
Friday. In 2011, Cyber Monday sales were up 33% from the year before, with total sales
numbers estimated at $1.25 billion. [1]
If online shopping took place at home, employers would have no concerns pertaining to their
network or productivity. However, roughly half of all online spending at U.S. websites on
Cyber Monday in 2011 occurred via work computers, [2] up slightly from 2010. Also, shopping on
Cyber Monday hit its peak at 11:05 a.m. Pacific Time/2:05 p.m. Eastern Time, smack in the
middle of the workday. [3]
Online shopping’s productivity and bandwidth hit
The productivity hit from online shopping is not reflected solely in sales figures. Shoppers buy
across channels, researching purchases online but buying in store, for example. Such
multichannel shopping (which includes buying online for pickup in store and browsing in
stores, buying online) will be the dominant consumer path to purchases this year. [4]
Even employees who do not shop from work are affected by shoppers in the next cubicle.
Bandwidth-hungry video and downloadable gifts (more than 45% of shoppers expect to give at
least one downloadable gift in 2012) [5] play a greater role in online retail, so the shopping
employee hogs bandwidth that others need for business-critical applications.
These issues will not disappear the day after Cyber Monday. Green Monday, the second
Monday of December, has trended as the second or third busiest day in online shopping. [6]
[1] “Cyber Monday Spending Hits $1.25 Billion,” comScore press release, Nov. 29, 2011, http://www.comscore.com/Insights/Press_Releases/2011/11/Cyber_Monday_Spending_Hits_1.25_Billion
[2] comScore, ibid.
[3] “IBM Benchmark: Cyber Monday 2011,” research report, November 2011, http://public.dhe.ibm.com/software/marketing-solutions/benchmark-reports/benchmark-2011-cyber-monday.pdf.
[4] “Holiday Retail Outlook 2012,” Booz & Co., 2012, http://www.booz.com/media/uploads/BoozCo_Holiday-Retail-Outlook-2012.pdf.
[5] Booz & Co., ibid.
[6] “Just Another Manic Monday: $1.1 Billion in Green Monday,” press release, Dec. 14, 2011, comScore, http://www.comscore.com/Insights/Press_Releases/2011/12/1.1_Billion_in_Green_Monday_U.S._Online_Spending.
All Rights Reserved ©2012 The FactPoint Group and Dell SonicWALL
Another peak falls on Last-Ship Day, the last day online merchants can ship purchases to have
them arrive in time for the Christmas holiday. [7]
Policies
A 2011 survey [8] found that 91% of companies and employees believe their enterprise suffers
productivity losses from employees shopping online during work hours in November and
December. A third put the cost at $15,000 or more for each shopping employee. Many
enterprises have policy measures in place to limit or prevent employees from shopping online
using a work computer or smartphone. The survey found the most common measures are:
• Technology enhancements to protect against web-based attacks (75%)
• Security awareness training (68%)
• Monitoring employees' Internet usage (58%)
• Policies to address online shopping (55%)
Only 24% of survey respondents block retail websites, and 13% provide a “guest” or
segregated network and computing resources for employees to use for shopping and personal
online activity.
Shoppers open enterprise networks to security threats
In addition to creating productivity and bandwidth challenges, employee online shopping
opens broader channels for malicious attacks on corporate networks. IT networks are
extremely vulnerable in the three weeks after Thanksgiving, when most workers do their
holiday shopping. Cyber-criminal tactics evolve, but perennial favorites remain:
• Fake retail websites
• Holiday phishing
• Malicious holiday screensavers
• Typo-squatting/cyber-squatting (imitation websites that resemble legitimate
destinations using domains that are similar to legitimate stores)
• Malicious electronic greeting cards
• Bogus requests for charitable donations
Still, malicious hackers prize ingenuity. In addition to the perennials, mobile malware topped
last year’s list of most dangerous online scams [9], and it is likely to appear again in 2012. Also
on the list:
• Fake Facebook promotions and contests
[7] FactPoint interview, Oct. 17, 2012, with Donald Foss, global director of professional services, load testing, Keynote Systems.
[8] “2011 ISACA Shopping on the Job Survey: Online Holiday Shopping and BYOD Security,” ISACA, Nov. 1, 2011, research by the Ketchum Global Research Network for ISACA (formerly Information Systems Audit and Control Association). http://www.isaca.org/SiteCollectionDocuments/2011-ISACA-Shopping-on-the-Job-Survey-North-America.pdf.
[9] “McAfee Warns Consumers of the Twelve Scams of Christmas,” press release, Nov. 9, 2011, McAfee, http://www.mcafee.com/us/about/news/2011/q4/20111109-01.aspx.
• Scareware (fake antivirus software)
• Online coupon scams
• Mystery shopper scams
• Travel-related scams
• “Hot gift” scams
• “I am away from home” notices on social networking sites
For enterprises, security threats go beyond gullible workers getting scammed; a compromised
employee device can punch a hole in the corporate security system. Perhaps the most
dangerous scam to employers is identity theft because identity is not only personal but work-
related too. Hitting the consumer’s identity for dollars may not stack up against the prizes on
the corporate network (e.g., intellectual property, corporate strategy documents valuable to
competitors or foreign nations). Far vaster sums of money are at risk than a single consumer’s
credit card limit.
Additionally, mobile devices infected with malware from shopping can transmit the malware
onto the corporate network—regardless of where the device is originally infected. Mobile
computing and BYOD have taken the network endpoint device beyond direct IT control. This
enables workers to bypass security countermeasures and engage in dangerous non-work
activities on devices that subsequently access the corporate network. Social networks make
particularly attractive targets for cyber criminals, unless organizations like yours take
counter-measures. Popular social networking sites are becoming heavily spammed and are
subject to spoofing. For instance, Pinterest and Twitter users were recently directed to a
phony “Twitter Video” application on Facebook. Likewise, malicious hackers used several
online games to load adware onto unsuspecting users. Expect social networks and online
games to serve as channels for attacks on corporate networks in the 2012 holiday season.
How enterprises can tackle holiday shopping and its threats
Putting clear shopping policies in place and educating employees about the downsides of
shopping at work are a start, but enterprises may find that some technology-based solutions
are not helpful enough. Employees still need access to work-related Internet resources, and
overly restrictive policies can backfire.
Current solutions to protect against malware from personal online shopping (e.g., secure web
gateways and content filtering appliances) add cost and complexity to the enterprise
network. Compatibility issues with other infrastructure components are also a concern.
Most enterprises can agree on the goals. In addition to maintaining control of organizational
productivity and sustaining bandwidth availability for business critical applications, it is vital
to shut out the constantly evolving, advanced threats that gain ready access to your network
due to employee online shopping. You need to stop these intrusions, viruses, spyware, and
other malicious traffic at the gateway so they do not compromise your network.
Why an integrated security solution?
To put IT back in control of its network and security, move to an advanced security platform
that makes network security and control work seamlessly and dynamically together. Here’s
how:
• Provide deep protection against viruses, worms, Trojans, spyware and intrusions, while
keeping enterprise levels of network performance.
• Utilize an application-intelligent firewall to filter unproductive activities such as holiday
shopping, so that business-critical applications (e.g., Salesforce.com) are optimized for
bandwidth.
• Allow bandwidth prioritization of critical applications while social media and gaming
applications are throttled or completely blocked.
A unique synergistic approach
A Dell™ SonicWALL™ Next-Generation Firewall delivers the advanced technology necessary to
stay ahead of continually evolving threats, and the productivity and bandwidth issues
associated with the holiday buying season. Utilizing Dell SonicWALL’s unique Reassembly-Free
Deep Packet Inspection® engine, these firewalls have the ability to scan every byte of every
packet and deliver full content inspection of the entire stream with control right down to the
individual user level. Our Next-Generation Firewalls integrate the same core URL/web
filtering functionality as secure web gateways, plus our solution offers unparalleled scanning
capabilities to deliver intrusion prevention, inbound/outbound malware detection, email
security, application control, inspection for SSL encrypted sessions at the gateway, and more.
Dell SonicWALL Next-Generation Firewalls with integrated URL/web filtering help
organizations enforce their productivity and protection policies and block unproductive,
inappropriate and illegal web content. Granular bandwidth management capabilities enable
critical applications to have bandwidth prioritization, while social media and gaming
applications can be bandwidth throttled or blocked. Management complexity is minimized
compared to a firewall/secure web gateway combination, as all the functionality is managed
directly from the Next-Generation Firewall. In addition, the Dell SonicWALL email security
solution, deployed either as a service on the firewall or through a dedicated solution, stops
phishing and zombie attacks, spam, and viruses with over 99% effectiveness, using multiple
proven, patented techniques including reputation checks that check not only a message’s
sender IP reputation, but also the reputation of its content, structure, links, images, and
attachments.
Conclusion
Controlling lost productivity, bandwidth prioritization and security threats from on-the-job
shopping requires both managing employees and deploying advanced network security.
Sophisticated firewall capabilities that include URL/web filtering, byte-level packet scanning,
and content inspection of the entire stream down to the individual user can help
organizations secure their networks and prioritize bandwidth for mission-critical or revenue-
producing business applications. In combination with corporate productivity and protection
policies, advanced synergistic technology, such as found in Dell SonicWALL solutions, can help
keep the enterprise more productive and safer, even with the distraction of holiday shopping.
About The FactPoint Group
The FactPoint Group (www.factpoint.com) is a boutique market research, consulting and
publishing company based in Silicon Valley. Since 1992, it has been helping technology
companies understand and communicate with their customers through custom research,
analysis and content.
About Dell SonicWALL
Dell SonicWALL provides intelligent network security and data protection solutions that
enable customers and partners to dynamically secure, control, and scale their global
networks. Using input from millions of shared touch points in the SonicWALL Global Response
Intelligent Defense (GRID) Network, the SonicWALL Threat Center provides continuous
communication, feedback, and analysis on the nature and changing behavior of threats.
SonicWALL Research Labs continuously processes this information, proactively delivering
countermeasures and dynamic updates that defeat the latest threats. Patented [10]
Reassembly-Free Deep Packet Inspection technology, combined with multi-core parallel architecture,
enables simultaneous multi-threat scanning and analysis at wire speed and provides the
technical framework that allows the entire solution to scale for deployment in high bandwidth
networks. Dell SonicWALL network security and data protection solutions, available for the
Enterprise, are deployed in large campus environments, distributed enterprise settings,
government, retail point-of-sale and healthcare segments, as well as through service
providers.
[10] U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361; 7,991,723