During the pandemic, 81% of global organizations experienced increased cyber threats with 79% experiencing downtime due to a cyber incident during a peak season, McAfee and FireEye reveal.
2021 holiday season cyber threats
As the 2021 holiday season approaches, supply chain and logistics, e-commerce and retail, and the travel industry see predictable increases in consumer and business activity – making them more vulnerable to cyber threats and leaving business, employee and consumer data at risk.
“It is imperative all businesses prioritize security technology to keep them protected, especially during the peak holiday season,” said Bryan Palma, CEO at McAfee and FireEye.
“Ninety-four percent of IT professionals want their organization to improve its overall cyber readiness. Businesses must do more and need an intelligent security architecture for managing today’s sophisticated threat landscape.”
Heightened focus on key industries
In addition to increased consumer spending, the 2021 holiday season sees a significant impact on industries coping with the increase in consumer demands. Eighty-six percent of organizations are anticipating a moderate to substantial increase in demand during the 2021 holiday season.
This year, the “everything shortage” is real – from a shortage in workforce to limited supplies to lack of delivery services. This creates an urgency for organizations to have actionable security plans and to effectively contain and respond to threats.
Supply chain and logistics
According to BCI’s Supply Chain Resilience Report 2021, 27.8% of organizations reported more than 20 supply chain disruptions during 2020, up from just 4.8% reporting the same number in 2019. The loss of manufacturing and logistics capacity, and employee-power, paired with increasing demand for goods, has created the perfect attack vector for cybercriminals: a potentially weak and vulnerable infrastructure to break through.
Supply chain managers must identify risks, understand the potential downstream effects of a security breach or cyberattack, and prepare response plans so they can act quickly in the event of an incident.
E-commerce and retail
According to Adobe’s 2021 Digital Economy Index, global online spending is expected to increase by 11% in 2021 to $910 billion during the holiday season. With store closures and increases in online shopping, along with limited product availability and concerns about shipping, this industry is faced with more threats than before.
According to McAfee Enterprise COVID-19 dashboard, the global retail industry accounts for 5.2% of the total detected cyber threats. Such threats include compromised payment credentials and cloud storage, as well as other forms of retail fraud and theft.
Cyber threats aren’t new to the travel industry – airports, airlines, travel sites and ride-sharing apps have been victims in years past. However, what sets it apart this year is that the industry has been in a holding pattern because of pandemic-related health concerns and travel restrictions.
According to the International Air Transport Association (IATA), coronavirus-related loss estimates for 2020 total $137.7 billion – with total industry losses in 2020-2022 expected to reach $201 billion. As demand for holiday travel is expected to increase over the coming months, cyber criminals are watching closely as the industry battles new challenges related to labor shortages, supply chain issues, travel bans and vaccination requirements – and profiting from vulnerabilities as much as they can.
What organizations need to know
While IT professionals know cyber threats have intensified, the findings prove that organizations have not effectively prioritized security during COVID-19:
- 60% saw an increase in online/web activity
- 33% have had their technology and security budgets reduced
- 56% have suffered from downtime due to a cyber concern, costing some over $100,000
- 76% find maintaining a fully staffed security team/SOC even more challenging during peak periods
Addressing emerging cyber threats
There are ways for organizations to be proactive and actionable against cybercrime, such as implementing security measures and industry-wide cybersecurity requirements, providing cybersecurity awareness training for employees, and developing prevention and response plans.