The first nine months of 2018 have not been easy in cybersecurity circles. Reporting indicates that while breaches and records exposed are down slightly, the statistics are still staggering: 3,676 breaches and 3.6 billion compromised records, according to Dark Reading.
What does that mean for the online holiday shopping period about to begin? We canvased security-focused corners the web to look for forecasts and narrowed a long list of citations down to five reliable sources.
You’ll find those sources below and we’ve called out the sections we found interesting while also providing links for those interested in further reading.
1) Cyber Monday forecasted to break records.
There are many articles, blogs and tip sheets for consumers seeking cybersecurity advice in advance of the holiday shopping season, but perhaps retailers could use some wisdom as well. As one security watcher put it:
“The stakes are high for them too. Every recent year has set a new spending record, and 2018 is expected to do the same. Adobe Analytics predicts that Cyber Monday will again be the largest- and fastest-growing online shopping day of the year with a record $7.7 billion in sales – a 17.6 percent increase from $6.6 billion in 2017.”
More sales are likely to come with more traffic, more cybersecurity alerts and more network anomalies. In turn, this means more threat actors attempting to capitalize on unsuspecting or ill-prepared retailers and consumers.
2) Enterprise storage portals face increased phishing threats.
Storage portals and productivity suites “have become a prime target for enterprise-focused phishing scams” according to a pair of studies in an analysis by The Daily Swig.
“For example, 16% of the entertainment industry was targeted by Dropbox phishing pages. As attacks against Google Docs and Office 365 have increased, assaults on e-banking websites had dropped back into the background. For example, 23% of the construction industry experienced an incident related to Office 365 phishing pages, with another 13% related to One Drive.
Elsewhere, 4% of administrative businesses were directed to a Bank of America phishing page, with another 4% directed to DocuSign.”
The piece reports holiday shopping periods like Black Friday and Cyber Monday are an opportunity for threat actors to harvest new credentials.
Read more: Phishing fraudsters set their sights on online storage portals | The Daily Swig | John Leyden
Don’t miss these related posts:
7 Security Trends Shaping Intrusion Detection Technology
Leadership: 13 Big Cybersecurity Ideas for the CISO by CISOs
Four-Time CEO Says Corporate Culture is the Most Important Defense in Cybersecurity
3) Online payment at risk for skimming.
Ernst & Young sees online payment card skimming as a growing risk this online holiday shopping season. Online payment card skimming is conceptually like skimming cards at a physical ATM in that “an attacker captures the details of a payment card at the point of a transaction.”
The consultancy says several e-commerce sites have fallen prey to this scheme in the last few months and “the chances are this trend will continue.” This is because more than half of consumer retail organizations say they are “unlikely to spot a sophisticated cyber-attack” according to the Global Information Security Survey.
The author makes three recommendations that focused on ensuring routine IT hygiene tasks are getting done properly. These included updating patches and double-checking default settings where changes have been made, for example.
Read more: Avoiding the ‘cyber-attack’ blues this Black Friday | EY Transformation Blog | Gavin Cartwright
4) Online fraud fell 33% in 2017.
It may not be all doom and gloom. A study that looked at online fraud in 2017 found that “during the holiday shopping period of Black Friday through Cyber Monday, fraud dropped 33 percent.”
Of course, all things are not equal, and some vertical markets are more susceptible to threat activity, according to the study’s findings:
“Some sectors, such as financial services, are still experiencing higher-than-average fraud levels. In 2016, the financial services sector experienced a 57.4 percent spike in fraud during the Black Friday to Cyber Monday period (compared to the daily average). In 2017, fraud during this period was still higher than the average, but only by 18.4 percent.”
5) Consumers forgive previous breaches for a deal.
It seems consumers are willing to forgive a retailer if has experienced a breach under one condition: the retailer offers good deals. That’s the findings of a recent consumer survey that found “62% of respondents said they would be willing to shop on a previously breached website for the sake of a good sale.”
The study also found 49% of shoppers don’t “think about breaches” when shopping online, however, many do take precautionary measures such as:
“Customers reported paying closer attention to URL domains and email senders to confirm that emails are coming from a real retailer (61%), checking the email domain to make sure it matches the brand they are shopping (78%), and directly visiting a retailer’s site instead of going through emails or social media (54%).”
Read more: Cyber Monday shoppers will overlook past cybersecurity breaches for a good deal | Tech Republic | Macy Bayern
* * *
What’s the conclusion on the forecast for Black Friday and Cyber Monday? “It depends.” However, what is certain is the fact that the network is a critical part of a business. When a network is compromised the risks extend far beyond money and includes brand, reputation, customer confidence, and potential losses stemming from fines and fees. It’s a terrible thing to have happen anytime – so improve your defenses year-round – but especially for online retailers and financial services organizations given the high traffic volumes that accompany the holiday shopping season.
If you enjoyed this post, you might also like:
7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter
*** This is a Security Bloggers Network syndicated blog from Bricata authored by ironcore. Read the original post at: https://bricata.com/blog/cybersecurity-black-friday-cyber-monday/