Retailers are currently preparing themselves for two very busy shopping days. Black Friday (28th November 2014) and Cyber Monday (1st December 2014) will see shoppers spend millions online.
Ross Brewer, VP and Managing Director for international markets at LogRhythm
Black Friday and Cyber Monday have become two of the biggest phenomenons in the shopping industry, and the dates that retailers – and consumers – from both sides of the pond now look forward to ahead of Christmas. However after a tough year, which has seen the likes of eBay, Target and OFFICE suffer data breaches at the hands of today’s cybercriminals, all eyes will be on retailers to ensure that consumers’ online shopping experiences are as straightforward and, most importantly, secure as they can be.
With so many credit cards being registered and used online, it’s no surprise that cybercriminals will be preying on as many shoppers as possible. As such, it’s now more imperative than ever for retailers to have the right procedures and defences in place to fend off the hackers’ sophisticated threats.
Indeed, it really is a case of when, not if, they will be targeted and retailers need to take more responsibility when it comes to protecting their customers’ confidential information – not just for their customers, but also for their own reputation. Recent breaches have already affected consumer spending patterns; with the public now much more wary of whom they trust with their details.
What retailers must not do is take shortcuts when it comes to protecting their customers’ data. If they aren’t continuously tracking and monitoring their networks for anomalous activity, then they aren’t doing a good enough job at proactively defending against cybercrime. Indeed, failing to do this and instead taking a reactive approach could seriously impact retailers’ Christmas trading figures going forward – something none of them can afford to risk.
Adam Kujawa, Head of Malware Intelligence at Malwarebytes
Users are always on the lookout for great deals, especially on Black Friday and Cyber Monday, and just with any other time of the year, malicious actors take advantage of these desires by creating “click-bait’ ads or posting links to “the best deal ever’, always leading to either a survey, a scam site or even drive-by exploits.
This time of year it is especially important for users to be vigilant when shopping online, make sure you only do your shopping at stores you trust, both online and offline. Avoid clicking on ads for “fantastic deals” or opening e-mails from unknown sources offering the same. There has been a lot of recently vulnerabilities disclosed for very commonly used software so users need to make sure and update their operating system as well as all relevant software like the browser, office tools and add-ons like Java or Flash.
Finally, users need to have the tools to defend themselves in case of an attack, this means utilizing anti-malware software, keeping it updated and always running it while surfing the net. Additional tools like anti-exploit software can make an even bigger difference in the fight against online threats as it can protect the system before the attack even finishes.
Patrick Peterson, CEO of Agari
With Black Friday and Cyber Monday just around the corner, we can expect to see a sharp spike in the number of sophisticated phishing emails being sent to compromise unsuspecting holiday shoppers. Designed explicitly to infect computers with malware or trick prospective buyers into handing over their personally identifiable and financial information, these targeted hacking campaigns are degrading email as a trusted communication channel between business and customer.
Unfortunately, it is increasingly difficult for people to differentiate between an authentic email or one which has been falsified. Cyber-criminals have the time, energy and resources to create very sophisticated replicas of emails normally sent by trusted brands. Given big name retailers have rarely been out of the data breach headlines this year, they must take the initiative to break the cycle of abuse. Worryingly, according to the findings of our TrustIndex research, 93 percent of retailers analysed in the report are ranked as “sitting ducks” for cybercriminals.
Businesses have an obligation to protect the communications they send to their customers. They need to urgently move away from simple signature-based methods for email authentication, and start using more intelligent and analytical-based solutions that continuously track cyber-criminal activity and monitor domain traffic in real-time. In doing so, email-borne cyber-attacks can not only be spotted well in advance and taken down, but also their point of origin in the world can be established. To look after their pre-Christmas shoppers properly, retailers shouldn’t skimp on security.