Retailers: Don’t Let Black Friday Cyberattacks Darken Holiday Shopping
Valentine’s Day, Mother’s Day, Independence Day, Back-to-School, and Halloween are days in which retailers reap huge profits. Yet nothing compares to the most wonderful time of the year: Thanksgiving Day to Cyber Monday. In a recent survey by the National Retail Federation (NRF), consumers say they will spend an average of $1,047.83 this holiday season, up 4 percent from the $1,007.24 they said they would spend in 2018.
As holiday shopping season kicks into high gear, holiday cheer isn’t the only thing spreading far and wide. The holiday shopping season represents a range of cybersecurity risks to retailers, their supply chains, and their customers:
- Retailers are often targeted by a wide range of tactics, techniques, and procedures (TTPs) including Card Not Present (CNP), gift card fraud, skimming, malware, account takeovers, and denial of service.
- Third-party vendor security has become a greater concern. When Target was breached back in 2014, the compromise happened via stolen vendor credentials of Target’s heating and air conditioning contractor. For most retailers, their Point of Sale (PoS) software and devices will be the Achilles Heel that constitutes a third-party risk.
- The holidays upon us and consumers are ready to shop. With increased spending, the holiday season becomes highly lucrative for cybercriminals as consumers have historically been the number one target.
While all organizations are potential targets of cyberattacks, the industries which possess the most valuable data are the biggest targets and retail is at the top of that list. There are numerous ways that retailers and consumers alike can disrupt and/or mitigate the activities of cybercriminals.
Following these steps can protect the retailer, their supply chain, and their customers from falling victim to cybercrime.
- Conduct Email Threat Assessments
With the increasing number of cyberattacks via email systems, companies should increasingly conduct periodic email threat assessments targeting malware that may have made it through their anti-virus and firewalls.
- Perform Network and Endpoint Threat Assessments
With the expansion of information systems, software applications, bring your own devices, and Internet of Things (IoT), testing networks and endpoints with Intrusion Detection Systems (IDS) will reduce potential vulnerabilities to cyber-attacks
- Implement an Effective and Timely Patch Management Program
Some of the most significant data breaches were the result of organizations’ failure to implement effective and timely software patch management programs of Microsoft and Cisco software.
- Establish a Cybersecurity Awareness and Education Program
The most cost-effective means to improve cybersecurity posture is to create a human firewall by providing quality cybersecurity educational programs to all employees and partners.
- Ensure Continuous Monitoring, Detection, & Response (MDR)
Every organization should invest in an appropriate level of MDR services based upon the cyber threats their organization encounters or anticipates. The key is to rapidly detect intrusions to quickly contain and eradicate the malware to reduce negative impacts upon the information system and data assets.
Cyberattacks are increasing in sophistication and magnitude of impact across all industries globally. However, taking proactive precautions and fine-tuning cybersecurity programs can help protect your business, supply chain and your customers against cyberattacks this holiday season.
by Callie Guenther | CYBERSOC Data Scientist, CRITICALSTART
Featured in Retail IT Insights | November 19, 2019
Callie Guenther is a Cyber Threat Intelligence Manager at CRITICALSTART. Callie plays a key role in the application of threat intelligence to the cybersecurity space and has helped government agencies, nonprofit organizations, healthcare organizations and the private sector prepare against cyberattacks.
You may also be interested in…
- Consumer Education(40)
- Consumer Stories(2)
- Cybersecurity Consulting(7)
- Data Breaches(15)
- Data Privacy(43)
- Incident Response(2)
- MDR Services(69)
- Penetration Testing(5)
- Press Release(65)
- Research Report(10)
- Security Assessments(4)
- Thought Leadership(18)
- Threat Hunting(3)
- Vulnerability Disclosure(1)