Trends in cybersecurity show that data breaches peak before and during the holiday shopping season. This is due to the extra web traffic and high order volumes. As such, it is imperative for retailers to be prepared to respond to data breaches during this season.
IT News Africa’s Jenna Delport chatted to Sheldon Hand, head of security software and services at IBM Southern Africa, about the ways companies can address significant gaps in retail cybersecurity and ensure that they are prepared for future attacks during the festive season. Here’s what transpired:
Why do payment security threats peak before and during the holiday shopping season?
The holiday sales rush spells payday for retail cybercriminals. While serious compromises and attacks do of course occur during the holidays, attackers often do their dirty work earlier in the year so they can reap the benefits during the holiday shopping frenzy. Often, attackers infiltrate systems and then spend months stealthily collecting data, and then using this to commit cybercrime during the holiday season.
How can retailers and consumers prepare to respond to data breaches?
For consumers, educating themselves on security issues is key. With all the warnings issues during the holiday season, the hope is that users may actually be more wary and are hesitating before they click on the dancing Santa in the holiday e-card that installs malware or the flashing “Discount” image that leads them to a malicious site. The extra seasonal vigilance may lead to fewer attack attempts.
What kind of cyber-attacks are consumers and retailers at risk of experiencing?
This year many organisations across all industries faced unmanageable levels of cyberthreats brought on by the changing threat landscape, the risk of exposure, and an ever-growing attack surface.
Phishing and malware continue to be relentless threats, leveraged by cybercriminals. Attackers use the holiday season to their advantage via spam, phishing and compromised websites, and we certainly see an increase in malicious holiday-themed activity at this time of year. Attacks involving malicious documents and links are some of the most prevalent attacks, with the intent almost always to have the victim download malware.
Consumers need to be diligent during the holiday shopping season. Cybercriminals are trying to entice consumers to click suspicious links by offering deals and tapping into their curiosity. It’s all about following some security basics to keep shoppers safe this shopping season.
We’re also seeing a small tactical shift among attackers, from targeting a few large organisations to targeting a larger number of smaller businesses. One theory behind this shift is that a lot of little payoffs will add up the same as a few big ones. Then too, large breaches can often be less effective because the compromised credit cards get shut down much faster than if a smaller business is targeted. In a large compromise, the retailer provides all the affected credit card numbers to the bank, which deactivates them immediately, but when a small company is targeted, those cards might stay active until they’re caught individually, one by one.
Smaller companies may also lack the resources to discover the compromise, allowing attackers to reap the benefits for a long time. Compromises of large businesses are still happening despite the trend towards smaller targets.
Do cyber-attacks come with an element of financial risk? If so, what is the risk and how can retailers and consumers best mitigate it?
An organisation caught unprepared during a cyber incident stands to lose millions of Rands. Cybercriminals are always seeking new methods of financial gain. Over the last several years, ransomware has become a popular choice for cyber attackers. However, criminals are increasingly developing various tools and tactics that infect the systems of both corporate servers and individual users by spreading cryptojacking malware to do the work for them.
It’s crucial that retailers have a holiday game plan. Sometimes it only takes one sophisticated targeted attack to cause substantial financial loss and damage to an organisation’s brand. Some things can be done to prepare for cyber-attacks before and during the holiday season:
- Keep patching: Don’t ignore patches during the holidays, and be sure you patch all systems dealing with financial data appropriately. Criminals have a lot to gain if they’re successful, and patching can keep them away from the new vulnerabilities they want to exploit.
- User education: Users have become wary of holiday-themed phishing techniques, and this appears to have had some success in thwarting attack attempts. Consider implementing a phishing awareness campaign a few weeks before the holiday season to test users’ ability to identify phishing attacks. Also, arm employees with the skills they need to identify suspicious activity both on the phone and in the store.
- Prepare holiday staff: The employees left to hold down the fort don’t have time to figure out the appropriate escalation path during a crisis. Make sure your incident response plans are up to date.
- Encourage smart shopping: Warn your consumers of the potential for a lurker using a mobile phone to record their debit card PINs at checkout.
What can consumers and retailers do to ensure they’re prepared for cyber-attacks during the festive season?
As the IT environments of retailers evolve, attackers are targeting users of cloud services and misconfigured cloud servers are exposing customer and employee data. Organisations should check and monitor settings on cloud services —do not maintain default settings.
Retailers must vet third-party cloud vendors for high-security standards before choosing to do business with them. Organisations need to ensure you are aware of who controls each component of their cloud infrastructure and define policies for where and how security measures are deployed – and implement the same security policies they would employ for classic IT infrastructure.
Retailers often rely on vendors or third-party suppliers to carry out a range of services – making them vulnerable to attacks in this area. The exploitation of an organization’s supply chain or third-party relationships can allow attackers to gain access to their primary targets. To mitigate this threat, organisations must vet third parties for high-security standards before choosing to do business with them.
By Jenna Delport
Follow Jenna Delport on Twitter
Follow IT News Africa on Twitter