Sonia Burney

Holiday 2016 Part 2 - Is Cyber Monday Still the King of Online Sales?

Blog Post created by Sonia Burney Employee on Dec 1, 2016

Holiday season has now begun, with Black Friday and Cyber Monday to kick us off. Coming to a close on these online retailer events, Akamai successfully delivered peak event traffic in a secure and optimal fashion.  In this blog post, we intend on analyzing the results from this initial holiday season kick-off and demonstrate a comparison between Black Friday and Cyber Monday this year.


During this time of the year, increased amounts of web traffic and security threats are observed year after year. The so-called "Holiday season" for retailers generally starts towards the end of November with peak retail events including Black Friday and Cyber Monday, both online and in-store. This year, however, holiday season started early with a rise in both traffic as well as security related hits in the beginning of November. It now appears that the whole month of November proves to be a month of peak activity including Veteran's day sales as well as the weekend/week leading up to Thanksgiving.


Web Traffic At a High Level

This year, online retailer traffic on the Akamai platform steadily increased as the month of November progressed. Higher volumes were observed on Black Friday versus Cyber Monday based on these results, which suggests end users trending towards shopping online earlier rather than waiting until Cyber Monday sales. When we look at the numbers, we see 14% more traffic volume on Black Friday versus Cyber Monday suggesting that more people shopped online on Black Friday vs Cyber Monday.  In no way does this imply end users preferring online shopping versus in-store shopping; however, the increased usage in mobile devices in addition to the increased availability of online retail encourages these types of traffic trends that are observed this year.


Trends among the industries

Diving into more specific subsets of traffic, a sample was taken to represent several industries and it was observed that many of the below industries saw a reduction in traffic volume from Black Friday to Cyber Monday. Again, this confirms that end users are using online retailers earlier than expected, rather than waiting for Cyber Monday. An outlier was observed when sampling domestic fashion brands, which demonstrated a surge in traffic volumes (57%) on Cyber Monday, so it does appear that online shopping is preferred domestically for a select number of online retailers on the Akamai platform (which adheres to the fact that Black Friday and Cyber Monday are domestic events). While the below estimates represent a sample of data, majority falls in line with the overall numbers when looking at Akamai’s entire holiday customer dataset.


Black Friday vs. Cyber Monday 2016

Not only did the volume of traffic deviate between Black Friday and Cyber Monday, but the number of unique visitors, according to the device/platform, did as well.  Enough to suggest that more and more shoppers are using online devices to get their shopping done, even before Cyber Monday.  Taking a look at a select set of platforms, ones with the most unique visitors, across the sampled industries mentioned above, the trend towards earlier online shopping is more apparent.


Below represents the number of unique visitors per major platform on the day before Black Friday, the day of Black Friday, the day before Cyber Monday, and the day of Cyber Monday.


A few trends to note with the below data:

  • At a high level, it was observed that there was more web traffic on the day before/of Black Friday versus the day before/of Cyber Monday, across most devices.  This is especially true for the purchase of electronic goods and gadgets, where we see about a 27% drop in unique visitors, going from Black Friday to Cyber Monday, across the devices in the graph (un-bucketed/undetermined device types are not included in these graphs or calculations).
  • Across all but the gaming industry, the data suggests that mobile devices were accessed more for online shopping versus desktop platforms.  For gaming, the trend continues to be desktop, and more specifically, Windows platforms. Additionally, across all but the gaming industry, there are more unique visitors accessing these sites via iPhoneOS devices vs Android devices.

If we correlate the data above suggesting the different deviations in volume to the data below, a few assumptions can be made.  For Electronics/Gadgets, Gaming, and International Shopping Brands, the deviations indicate a drop in volume of edge data which also impacted the number of unique visitors based on the popular set of platforms.  But not necessarily showing a 1:1 correlation, just a drop in both the volume and the number of unique visitors.  For Domestic Fashion Brands, the volume increased by 57% and if we look at the below data for Black Friday and Cyber Monday, instead of an increase, a drop in the number of unique visitors is observed.  Now why is that?  There are a few possibilities to consider.  First of all, the data represents a specific set of platforms, not including those that are not labeled/bucketed.  Second of all, the number of unique visitors could have decreased on Cyber Monday due to the fact that more of the same individuals purchased more of the domestic fashion brands, throughout the day, causing a higher increase in volume, but not necessarily the number of unique visitors.  These assumptions based on the data available suggest the early start nature of shoppers during Black Friday versus Cyber Monday and the days before both holidays.


Are Security Threats on the Rise?

From a security point of view, security threats remained somewhat consistent throughout the month of November. An increase was observed around Veteran's day sales as well as the week leading up to Thanksgiving. That being said, the overall numbers show us that the security space is constantly changing in terms of what we can expect:


What’s the most popular attack vector this time around?

Observations from Wednesday 11/24 to Monday 11/28 suggest that attackers did not target online retailers in large volumes (such as DDoS attempts), but really the focus was on using other types of attacks such as SQL, XSS, etc throughout the whole month. Looking at the breakdown below, it is apparent that attackers are trending towards more subtle methods in delivering attacks rather than using brute force methods in high volumes.

Is Black Friday turning into the new Cyber Monday for attackers?

As Black Friday implies more in-store shopping versus online shopping on Cyber Monday, it appears that the trends are changing for both end users and attackers. Online shopping begins early for end users and so, attackers start targeting online retailers early as well. More WAF activity was observed on Black Friday vs Cyber Monday - we saw a 6% decrease in the overall blocked or denied activity from malicious end users on Cyber Monday. While this is a small percentage, this represents a large volume due to the high levels of web traffic during this holiday season.


Is Cyber Monday starting early?

In looking at security related activity for Cyber Monday traffic, it was observed that increases in WAF activity and web traffic occurred Sunday 11/27 evening when online retailers just began early sales for the Cyber Monday event. More specifically, throttling mechanisms as part of Visitor Prioritization were triggered during this time, which indicates the increase or surge in end user traffic during the initial sales period. Is Cyber Monday turning into Cyber Weekend for both end users and attackers?


Looking Back at Holiday Readiness

In an earlier post regarding holiday readiness Holiday Readiness 2016  , a few suggestions included the following so let's review the observations following the Thanksgiving weekend events.


Enable Visitor Prioritization before peak traffic events

This technique simply throttles end user traffic in order to avoid flooding back-end web infrastructures. With regards to the observed trends this year, it has become apparent that customers made use of this functionality and proved to be useful based on a high volume of traffic triggering Visitor Prioritization functionality on Black Friday and Cyber Monday, since many users turned towards online shopping. With this surge in traffic, one can only expect to observe a surge in security attacks as well - a correlation was observed between Visitor Prioritization throttling and WAF activity which proves the obvious, peak events attract malicious end users.


Tune WAF policies

WAF alerting was at an increase in the weeks leading up to Thanksgiving, mainly after Veteran's day which suggests many customers working towards tuning WAF policies by executing vulnerability scans and/or creating new policies before major events. With WAF rules tuned in deny, many malicious attempts were blocked throughout the online retailer peak events. While many worked towards readying security policies, many policies generated an increase in WAF alerts during the peak events as well which suggests that policies must be further tuned before the holiday season begins. It is recommended a snapshot of the holiday traffic be taken from both a web traffic and security point of view, so that this information can be used in the next coming year(s) during holiday readiness season.


How Much $$$ Did End Users Spend Online?

While Akamai holds many online retailers’ traffic on the platform, payment or transaction methods are also being securely optimized on the platform as well. When we look at a smaller subset of web traffic with regards to these transactions, more volume was observed before Thanksgiving Day on Wednesday 11/24 as compared to Black Friday and Cyber Monday. This observation correlates to the fact that sales begin early and so end user shopping begins early as well with an increase in online transactions.


In looking at the security threats over the smaller subset of online transaction traffic, it was observed that more WAF activity occurred on the days leading up to Thanksgiving, Black Friday, and Cyber Monday rather than the peak event days themselves. While attacks continue throughout the peak events, we have two possibilities for this type of pre-holiday activity: Either customers are performing vulnerability scans to prepare for the holidays, and/or attackers are targeting online transactional vendors early on and so holiday readiness not only applies to online retailers but other vendors as well.


Given the trends from both a performance and security point-of-view, it is becoming clear that the holiday season starts earlier than planned or expected.  Shoppers are trending towards an online experience, not only on predesignated online shopping holidays such as Cyber Monday, but also on holidays like Black Friday where we see a significant jump in the number of online shoppers. With that, holiday readiness planning should start early in the next coming years as we continue to see early activity so that the Akamai continues to ensure security, performance, and availability.


Please contact Sonia Burney and Sabrina Burney for any questions.