Whether the remarkable discounts appearing on Walmart’s website earlier Wednesday were the result of a systems glitch or computer hackers remains unclear, but the latter would provide a clear illustration of how even the largest, most sophisticated businesses are at risk from cyber-crime.
Companies have tended to decline commenting on what appear to be attacks by hackers, to avoid giving credit to the “bad guys” and revealing weaknesses to customers. For instance, said Julie Conroy, research director at Aite Group, last year’s prevalent “denial of service” attacks on banks prompted many financial institutions to call them “systems outages.”
If Walmart’s website was indeed attacked, reportedly resulting in products selling for 5 percent or 10 percent of their normal prices, the company has almost certainly charged a team of experts promptly with identifying the point of compromise and patching the vulnerability as soon as possible. Then, said Ms. Conroy, most companies Aite Group has spoken to will address the issue strategically, analyzing the threat and the company’s current defenses, and then planning several steps ahead how to address it.
“That’s been especially tough for banks, which normally have an 18-month development cycle,” Ms. Conroy said. “So a number of them are struggling with how to become more nimble in confronting these threats.”
Treasury executives would almost certainly be included on the team.
“If it turns out to be just a systems glitch, they would be pounding the table to find out how it could happen in a production environment, and they would be deconstructing the issues that led to it,” Ms. Conroy said.
If a cyber-attack, they would be working closely with security executives to decide on the best tools to counter future attacks. Ms. Conroy said treasury folk would be especially concerned about the benefits to ramped up security as well as the potential costs, given increased security measures can negatively impact the customer experience—particularly relevant for retailers.
“There’s less tolerance for something like that in the online purchase environment compared to the online banking environment,” Ms. Conroy said. “If I get frustrated with the hoops I have to go through on the Walmart website, I can quickly move over to Amazon.com.”
Whether Walmart will voluntarily honor any sales made at the subterranean prices remains unclear, and as of 5 p.m. Wednesday neither Target nor Best Buy had commented on how they reacted to consumers seeking to apply their price-matching guarantees.
Clearer is the near certainty that whether the Walmart incident was a cyber-attack or not, the incidence and severity of such attacks will continue to increase. Arbor Networks, a Burlington, Mass.-based provider of cyber-attack solutions released a study October 16 of Internet traffic passing through its system, finding that attack sizes so far in 2013 have increased dramatically in number and size over 2012.
For example, 54 percent of attacks as of October were over 1 Gb/second, up from 33 percent in 2012, and the average attack size increased to 2.64 Gb/second, up 78 percent from last year. More concerning to larger companies, attacks over 20 Gb/second have increased by 350 percent from last year, Arbot Networks says, and the largest monitored attack was at 191 Gb/second.
Walmart did not respond to an inquiry about what prompted the price glitches.