Silver Tail Systems flags business logic abuse risk to UK firms


Web security vendor Silver Tail Systems claims some UK businesses are losing significant amounts of money by falling victim to hackers employing business logic abuse (BLA) methods.

According to the firm, BLA is the term used to describe when hackers abuse the legitimate functionality of websites for malicious reasons or financial gain.

Speaking to IT Pro, Jason Steer, solutions architect for EMEA at Silver Tail Systems, said it can be difficult for companies to detect BLA attacks, but any business with an online presence is at risk.


"We see successful attacks happening on ecommerce and banking sites where the [perpetrator] can be in and out in seconds and the business doesn't know about it until a consumer flags up that they have lost an amount of money, for example," he said.

Research carried out by the Ponemon Institute on behalf of Silver Tail Systems, featuring responses from 400 UK firms, claims that one in five businesses lose more than five per cent of their annual revenue to BLA.

The economic impact of BLA can be keenly felt as many online businesses do not have financial buffers in place to protect them from criminal activity.

"In the bricks and mortar retail world, there's this concept called shrinkage... that if something in their shop gets knocked over or broken, it will not affect the bottom line because it is built into their business plan," he said.

"In the online world, there is rarely any accommodation made [for that sort of thing]."

Steer warned that it can be difficult for companies to tell the difference between a criminal and a legitimate shopper, but advised that there are a few telltale signs.

"A criminal doesn't behave in the same way a normal customer does. Someone clicking through a website would follow a common sequence of pages because that's the way it is designed," he said.

"What you need to keep tabs on is if this user is jumping through an odd sequence of web pages and visiting ones no one goes to anymore."
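The check Steer describes can be sketched as a comparison of each session's click path against a baseline of normal navigation. The following is an added example, not code from Silver Tail Systems or IT Pro; the page paths, the baseline sessions and the 0.5 threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed baseline of normal sessions; every page path here is hypothetical.
BASELINE = [
    ["/home", "/search", "/product", "/cart", "/checkout", "/confirm"],
    ["/home", "/product", "/cart", "/checkout", "/confirm"],
    ["/home", "/search", "/product", "/search", "/product", "/cart"],
    ["/home", "/account", "/orders"],
    ["/home", "/search", "/product"],
]

def train(sessions):
    """Count page visits and page-to-page transitions seen in normal traffic."""
    pages, transitions = Counter(), Counter()
    for s in sessions:
        path = ["<start>"] + s
        pages.update(s)
        transitions.update(zip(path, path[1:]))
    return pages, transitions

def score(session, pages, transitions, rare_page_max=0):
    """Report steps never seen in the baseline and pages seen at most
    rare_page_max times there (0 means never visited by normal users)."""
    path = ["<start>"] + session
    steps = list(zip(path, path[1:]))
    unseen = [t for t in steps if transitions[t] == 0]
    rare = sorted({p for p in session if pages[p] <= rare_page_max})
    ratio = len(unseen) / len(steps) if steps else 0.0
    return {"unseen_steps": unseen, "rare_pages": rare, "odd_ratio": ratio}

def is_suspicious(session, pages, transitions, ratio_threshold=0.5):
    """Flag a session whose path is mostly unseen steps or touches a rare page."""
    r = score(session, pages, transitions)
    return r["odd_ratio"] >= ratio_threshold or bool(r["rare_pages"])

if __name__ == "__main__":
    pages, transitions = train(BASELINE)
    for s in (["/home", "/search", "/product", "/cart", "/checkout"],
              ["/checkout", "/old-promo", "/confirm"]):
        print(is_suspicious(s, pages, transitions), score(s, pages, transitions))
```

A flag from a check like this is a prompt for review rather than proof of abuse, since bookmarks and search-engine landings also produce unusual entry points.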

Nick Edwards, vice president of marketing at Silver Tail Systems, said there are ways and means of protecting a business against BLA.

"[These] attacks can cripple a company in the short-term and create long-term damage to organisations' reputations," said Edwards.

"UK companies need to put provisions in place to identify these threats and protect not only themselves, but also the monitoring real-time data from their web traffic."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.