In the halcyon days of the internet, successful ecommerce used to be based around a well thought through proposition and a core of known and trackable variables, such as traffic data, user engagement statistics and conversion rates – to name a few.
Now, there are a host of new challenges vexing the online C-suite executive, many of which come under the heading of the rapidly growing problem of cyber security. Talk Talk’s high profile data breach is the latest example of a major brand left counting the cost of a sophisticated hack attack.
But not all cyber security breaches are so instantly visible, and now other big online brands – including retailers, publishers, banks and other financial organisations – are waking up to the new invisible threat of client side injected malware (CSIM).
For the co-founders of Israeli cyber security start-up Namogoo – CEO Chemi Katz and COO Ohad Greenshpan – the threat is more than just the inspiration for the company’s day job; it’s also in the name. “Namogoo” is the Hebrew word for vanished. CSIM can literally make your sales, profit and, ultimately, your brand reputation disappear. And if that wasn’t bad enough, as the brand owner, you cannot even see it or detect its existence. Until now.
N Brown Group deal
The company has already bagged $6m in funding in its first year of operation, and with the announcement in the same week of a new London base and a deal signed with specialist multi-channel fashion retailer N Brown Group – owners of the JD Williams, Jacamo and Simply Be brands – Namogoo’s star looks to be rising. So, what is CSIM?
As simply as possible, it is a relatively new but increasing threat to online brands which injects unwanted advertising and malware directly onto the consumer’s browser or device, making it very difficult to monitor and control.
The malware can take the form of product recommendations and deals, advertisements or spyware scripts that are injected into websites by extensions unintentionally installed on a customer’s web browser or device. Once the malware is installed, attackers can use it to lure customers to competitor’s sites, attack their online banking systems and steal private information.
Greenshpan explained: “The scale of the problem is huge – anywhere between 15 to 30 per cent of online users are infected with some kind of malware threat on their browsers. A client side script that sits within a user’s browser can literally do anything: steal personal data and payment information and completely change their online experience with injected ads and other content designed to lure them away to other sites.”
Katz added: “If anything, infection on the user side is much more sophisticated than a hack that targets the server owner, because on the server side it can be detected more easily, but on the client side you don’t always know it’s there. There is literally no trace on the client side in many cases.”
Brand owner responsibility
The phenomenon has grown rapidly in the past year, and it is estimated that currently one in three devices in the UK are infected with CSIM as online users unwittingly install the software whilst browsing the internet. iOS users are particularly at risk, with infection numbers rising from five per cent to 20 per cent on IOS devices.
And because CSIM is unknowingly installed on a user’s device and is not illegal – even though it can lead unsuspecting online users into danger zones with their personal data – it is the responsibility of online brand owners to take corrective action to stamp it out, according to Katz.
He said: “Unlike other forms of malware protection, users are not required to download any additional security components. We approach brand owners and show them the threats, and then they get it. In some cases, users are aware that their online shopping experience is being infiltrated with third party content, which is how the N Brown discussion started.”
Namogoo’s technology is now installed on all of N Brown’s leading fashion brand websites, and in recent trials with the retailer, Namogoo found a number of third party threats within 24 hours of installing the software, based on what the company describes as a “zero integration” solution.
N Brown head of development Jen Mossop Scott said: “As we continue to grow our online business, it is crucial that our customers know they are able to shop with confidence on our retail sites. Our recently created Innovation Hub trialled Namogoo and determined it was of great benefit to the customers shopping experience.
“It shows our ability to innovate to solve our customer’s problems by quickly taking an idea and measuring for success to ensure the ideal solution is delivered. We know that the new Namogoo technology will help ensure the optimum online experience free from distractions, but also that our customer’s security is protected. As a responsible retailer that puts our customers at the heart of everything we do, we cannot ignore the growing threat of CSIM.”
Black Friday threat
Other brand owners are taking the threat seriously, including major international banks, online publishers and other retailers with whom Namogoo is in advanced discussions. Epson has described it as: “The biggest threat to our customer experience we don’t know about.”
With key online traffic peaks looming in the UK, including Black Friday on 27 November and the Christmas shopping period, the threat is said to “more than double” at these times.
Said Katz: “We wanted to create a solution that could be deployed as simply as possible, without any IT support if necessary, using limited resources on our customer’s side. But behind it there are a lot of complex processes built around a single line of code that links into our back-end system”
Greenshpan said: “A single line of code sits on every page of a brand’s website, which is what makes our solution so simple to implement – but really it is in the back end where the complex work is done, and this is being developed and scaled all the time; as the threat mutates, so do our systems and processes to deal with it. It is a very robust and complex system.”
He added: “Typically, when we bring any new customer into one of our product trials, it is not unusual to detect hundreds of thousands of threats from malware injections within the first 24 hours of implementation. Over the course of a month, this can easily run into millions. As we work with our clients in the run-up to peak online activity, such as Black Friday and the seasonal online buying period, these numbers can escalate hugely, and in some cases more than double.”
Read more about Black Friday:
- Black Friday 2015: Big boom or big bust for British businesses?
- Two-thirds of Europe’s £1.5bn Black Friday spend to be powered by Britain
- Half of small UK retailers ignore valuable data ahead of £1bn Black Friday
Both Katz and Greenshpan have extensive complimentary experience in IT, online security, big data, online advertising and military intelligence, and both have set-up and exited from startups prior to founding Namogoo.
Said Greenshpan: “I met Chemi as part of a successful collaboration in our previous startups, and we found we had complimentary skills and great chemistry, which is what led to the focus on developing Namogoo. Both of us come from tech savvy security and ecommerce space, and also online advertising.”
Katz added: “The idea for Namogoo came from investigating the growing number of companies using injected malware as a route to capture customers, traffic and sales. We could see the potential threat to enterprises, and we started to develop technology to counter this.”
As part of Namogoo’s ongoing expansion, and recognising the UK as a major financial centre and home to some of the biggest online retail brands, the company has opened a new office in London’s Tech City.
Former Digital River executive Michael Joerin has also been hired as general manager, EMEA. Joerin will also head up sales and marketing in the UK and oversee the company’s expansion into Europe, Africa and the Middle East.
Michael said: “London was a natural fit for Namogoo. The UK is Europe’s major ecommerce hub with many large multi-nationals choosing to base themselves here. It’s is also a great place for tech startups to be right now; there’s a vibrant culture, a fantastic pool of talent and some really exciting things happening in tech. We’re already working with several UK enterprises so it makes perfect sense to base our EMEA operation here.”