Thursday, December 2, 2010

I Missed Cyber Monday

by Jeff Jilg, Ph.D.

Holy smokes — I’m a computer guy and I missed Cyber Monday! Heck, I was so out of the loop that I didn’t even know there was a Cyber Monday. I’m sure you, like everyone else on the planet (except me), already know this, but Cyber Monday is the Monday after Black Friday. And Black Friday is the Friday after Thanksgiving – one of the biggest shopping days of the holiday season.

The objective of Cyber Monday is to have online discounts available to those who window shopped on Black Friday but didn’t buy anything. There were coupons and discounts galore for those wanting to “save” big money on Cyber Monday. The rub is that you have to spend money to save money.

And of course, that made me think of security.

Almost nothing is ever really discounted, including good security. You may think your computer or even your whole datacenter is secure after it is initially configured, and that you should get some “discount days” after that for everything to remain secure, right? The problem is the hackers never stop. And for all I know, they anticipate all the configuration changes that are made by online merchants, hoping to find some mistakes they could exploit.

As a security consultant, I get to evaluate different products in different environments from customers both small and large. The most impressive thing is that all of them generally do their best to set up secure systems. In many cases, I have seen some very impressive configurations. But it is challenging for online merchants to set up and maintain a secure environment.

A typical consumer might look at the SSL lock symbol on his browser and believe it means the transaction is secure. The hard part for online merchants is to do all the backend server work to ensure that lock symbol really is secure.

I generally trust most large online merchants. They have internal auditors (and also often have external auditors like atsec information security) review their environments at least on an annual basis for Payment Card Industry (PCI) compliance. Every merchant I have interacted with wants to be secure, and many of them are. I’m just like everyone else: since I trust them, I unabashedly use my credit card online. To date, I have been fortunate to have no issues.

But for me, Cyber Monday was a non-event. I come from that generation where there didn’t use to be a “cyber,” so the Monday after Black Friday was, well, just a regular Monday after a nice four-day weekend. At least I know what it is now, so I don’t feel so out-of-the-loop.

If you have read through this article, you probably are interested to know about the gazillions of coupons I mentioned finding on the web. I don’t know if they all cropped up during Cyber Monday, but now that I know they are out there, maybe I’ll pull out some credit cards and start a spending spree! At least I’ll rest easier tonight and won’t be caught off guard during my next lunch with techie friends.

Are there other special cyber days I should know about? If you know of any, please keep me in the loop.
