04 January 2018
| Gareth Willmer
As shopping activity surges at this time of year, what is the impact on carrier security? Gareth Willmer looks at the issues
It’s that time of year
again, when shopping goes into overdrive. The rise of online
activity for events such as Black Friday and Cyber Monday,
followed by the Christmas period, creates a massive surge in
internet traffic in some countries.
The figures suggest that online sales in the US alone topped
$5 billion this Black Friday (24 November), and e-commerce
giant Alibaba reported sales of $25 billion during
China’s Singles’ Day on 11
It may seem that such surges, during which fears of cyber
attacks on shoppers and retailers can rise and telecoms
infrastructure might already be under stress, would logically
pose a heightened threat to the security of carriers and their
networks too – especially given the rise in
distributed denial-of-service (DDoS) attacks alongside the
growth in the internet of things (IoT). But how much of an
impact do such days really have on carriers’
Telecoms carriers tend to say their networks are already
built to cope with surges in traffic throughout the rest of the
year for events such as big sporting occasions and new product
launches, meaning they are well-placed to deal with security
demands no matter what day it is. And the wide-scale, often
global reach of major players aids insight into traffic.
Chris Richter, VP of global security services at
CenturyLink, says there is sometimes an uptick in cyber attacks
during events such as Black Friday and Cyber Monday –
though there is not necessarily a direct, verifiable
correlation between increased traffic and attack attempts.
"We do sometimes see a spike in that kind of activity around
the holiday season," says Richter. He explains, for example,
that the heaviest recent DDoS activity in the last couple of
years has been on 26 December, when many people both shop in
online sales and start up their new gaming devices after
Richter says CenturyLink’s network is, however,
already well-prepared, without having to make special plans for
these particular events. This is because it is set up to deal
with heightened traffic and large volumes of attacks,
mitigating between 100 and 120 DDoS attacks every day.
"We’re an organisation that handles more than 1.3
billion security events every single day and we’re
also monitoring and reporting on over 3 million computer
systems every day across our customer base," Richter adds. "We
have to be at a heightened state 24/7."
So Richter claims that while such events pose a heightened
threat to many retailers, which need to make adjustments to
cope with seasonal spikes, CenturyLink itself does not
necessarily see any greater threat to its network or
In addition, if the US carrier’s threat
intelligence platforms detect suspicious activity and
predictors of attack that threaten customers, it can help
customers prepare in advance for these. The company has,
meanwhile, been stepping up the application of machine learning
for attack prediction, and has a large network of scrubbing
centres and products such as its Adaptive Threat Intelligence
service for enterprises and wholesale customers that offers
global threat analytics to identify attack patterns.
AT&T reiterates this ethos of vigilance throughout the
year in its own practices. The company applies the same rigour
with threat detection and pre-emption efforts on these
high-volume shopping days as on any other day, says Brian
Rexroad, VP of security platforms at AT&T. "There are
significantly large numbers of important transactions every day
of the year that also deserve a high level of attention."
Rexroad acknowledges that there is some increase in
transactions during events such as Black Friday and Cyber
Monday, but says this is not particularly notable given the
overall capacity of the network, with an average of 186
petabytes of data crossing AT&T’s network each
"There is no increase to security threats during the
surges," he explains. "There is some increased probability that
attackers might attempt to disrupt transactions to attract
attention, but this scenario is generally rare."
Nonetheless, he claims AT&T does increase its level of
attention to any security events that might impact commerce
transactions, and is sensitive to any perceived changes in
network traffic during the holiday season. Rexroad says the
company’s DDoS mitigation capabilities allow
attack traffic to be filtered and scrubbed in an automated
fashion, without customers having to deploy or manage any
At BT, meanwhile, Steve Benton, GM of cyber and physical
security operations, says the company has well-practised and
prepared "playbooks" to deal with any issues with traffic peaks
throughout the year – and that peaks during major
shopping events are not out of line with those that BT sees
across the year.
"We are scaled to be able to cope and flex with that," he
says, with other surges around sporting events and things such
as new iPhone launches. And he points out that commercial
entities also seem to have started spreading their offers more
across the year to help minimise potential issues.
Across security as a whole, BT is seeking to take an
ever-more in-depth view. "We are very much shifting towards a
big data approach to security, so we are using our cyber
security platform, which is a modular big data architecture
that draws in lots of information from across our enterprise,
enriches it, correlates it, and allows us to find those
interesting things that need to be looked at more deeply," says
Although major carriers believe they are already well
their past experience to deal with surges during big
shopping events, they also think retailers themselves need to
be on the alert for issues.
From its previous research, Verizon says it has not
witnessed significant spikes in cyber activity around the
retail space during these peak times – "but obviously
more shoppers purchasing online or in store increases the
number of opportunities that may be presented to cyber
criminals", says Laurance Dine, managing principal for
investigative response at Verizon.
The company therefore has recommendations for retailers to
protect against breaches – although highlighting that
these apply at all times rather than just in the holiday
These include vigilance about evidence of device tampering,
using the latest methods to encrypt data, and ensuring robust
policies for processing customers’ payment cards.
Verizon helps customers put these into practice through professional services
consultants and security teams.
Verizon, meanwhile, plans to continue evolving its security
offering in 2018 to make it even more embedded in its platform
– offering more end-to-end managed security
infrastructure for the network, developers and
"In today’s threat landscape, it’s
all about global scale – but openness and information
sharing to combat the bad guy, both online and in the
real world, will also become the norm," adds Dine.
Like other carriers, though, he stresses that "we see the
ongoing security of our network as a crucial component every
day of the year. Security isn’t a one-off
activity; it is an ongoing process."
A number of industry observers also say that carriers are
well accustomed to dealing with surges aside from those on
these peak shopping days. "There are many other events that
create increased traffic that carriers are used to handling,"
says Mike Sapien, VP and chief analyst for enterprise services
in the US at Ovum. "There may be some slight increase in
threats due to the volume, but I don’t believe it
is directly proportional."
Vitaly Mzokov, solution business lead at cybersecurity
company Kaspersky Lab, says, however, that although Kaspersky
has no evidence of, for example, more DDoS attacks on these
specific days, major surges in traffic can pose a threat to
He adds that cyber incidents during events like Black Friday
have demonstrated "that telecoms providers are still in the
process of reviewing their own concepts of providing both
reliable and secure infrastructures for enterprise-level
On the other hand, says Mzokov, Kaspersky’s
detection data on financial malware and financial phishing has
recently shown no major variation between the number of
attacks on Black Friday, Cyber Monday and Singles’
Day compared with the rest of the year.
Meanwhile, Steve Wallage, managing director of BroadGroup
Consulting, says that from a data centre perspective,
heightened traffic has the potential to cause a headache for
data centres, where he says server utilisation is often at a
level of about 10% – so there may be some concern if
this peaks. However, historically the main concern has been
performance and the risk of outages rather than cyberattacks,
Ultimately, one key message seems to be that carriers need
to remain proactive to stay ahead of the game. This type of
approach can be summed up with the way that AT&T is moving
in this area.
"To continue to pre-empt attacks, we are accelerating our
own pace of innovation, aggressively implementing automation
to minimise threat exposure, and advancing managed security
service offerings to help customers protect themselves from
threats," says Rexroad.