Cyber attacks and Black Friday: It only takes one to put you on the red

logo
Featured On

NewsweekForbesBuisiness InsiderAxios
This article contains
arrow
Get 70% Off Reason Cybersecurity on Black Friday and Keep Your Business out of the Red.

Nowadays, we associate the term ‘Black Friday’ with shopping and discounts galore, but the original term doesn’t share quite the same fun connotation. It was first put to use way back in 1869 and referred to a financial crisis when the stock market went into a free-for-all due to two heartless Wall Street financiers. That negative connotation stuck for over 100 years, although the reasons for the negative connotation did change over time.

It wasn’t until the late 1980s that the term took on a more positive note and became forever associated with the most popular holiday shopping day of the year – the day after Thanksgiving. Since retailers would sell so much merchandise on this day, they moved from ‘being in the red’ to ‘being in the black’, hence the name ‘Black Friday’.

So what does all this have to do with cyber attacks?

If you’re wondering what all this has to do with cyber attacks, the answer is ‘a lot’, as they tend to increase during the holiday shopping season. After all, everyone knows that criminals ‘follow the money’, and there’s a lot of money to follow if Deloitte.com’s prediction is any indication: A recent press release from Deloitte reported that e-commerce sales during the holiday season this year can be expected to reach between $144 billion and $149 billion in the US alone.

What kind of cyber attacks?

During the holiday season, consumers are rushing around and getting ready for the holidays by spending money on gifts, holiday decorations, special outfits, visits home, holiday parties etc. Hackers are just waiting to take advantage of all that holiday excitement, distraction, and spending. Businesses in particular stand to lose a lot both financially and reputationally if they’re attacked. Actually, customers can quickly lose their trust in retailers or organizations if there’s even a hint that that company’s cyber environment and technologies are not secure.

To protect themselves, businesses must be cognizant of these threats, take the necessary cybersecurity measures, and proceed with caution online. With that in mind, the threats that particularly see an uptick during this time of year are described below.

Phishing – Phishing definitely has a season and it’s the holiday season. According to Forbes.com, cybersecurity alerts spike on Black Friday and Cyber Monday, with the majority of them delivered through phishing campaigns. Hackers use spear phishing to get their target to release administrative credentials or to attempt network infiltration in order to prepare for an advanced persistent threat (APT) campaign against the business. Spear phishing emails are successful at tricking company employees into opening them because they often include a company’s standard letterhead and appear to come from a high-level exec. When businesses are attacked by phishing campaigns, they become casualties in many ways; they suffer business disruption, financial and reputational damage, loss of company value, and may even have to pay regulatory fines.

Ransomware – Ransomware attacks, which work by encrypting data on a computer and demanding money in return for unlocking the data, are likely to increase in the next few months as well, as the holiday season is a critical shopping time for retailers, which gives hackers a tremendous amount of leverage for their extortion attempts. This makes businesses a favorite target of hackers. Plus, businesses are also more likely to pay up when they’re attacked with ransomware – another reason hackers love them as targets. To make matters worse, not only are ransomware attacks becoming increasingly sophisticated and targeted, they’re also becoming more costly. According to bitsight.com, the average ransomware payment jumped to $36,000 in the second quarter of 2019.

Spoofing or fake CEO scams. Spoofing is a growing cybersecurity threat, largely because it is so effective. The FBI reported that these scams have resulted in global losses of at least $26 billion since 2016. A fake CEO scam is when an attacker sends an email that appears to be from a high-level executive in an organization and makes a request to someone, usually in the finance department, to wire money to an external account. The employee that receives the authentic-looking email, never suspects foul play and does as requested… and then the money is gone. Because spoofing can be so lucrative, there are cybercrime operations focused specifically on this type of attack. According to BBCnews.com, earlier this year 281 suspected hackers were arrested in 10 different countries as part of an attempt to disrupt a global cybercrime operation based on spoofing.

How can businesses and their customers stay safe?

Happily, businesses aren’t without recourse. Antivirus software is one of the most effective ways to safeguard computer systems and their data from cyber attacks. Businesses can start with free computer protection, which should provide malware scanning, detection, and removal in real-time. As their security needs change, they can consider moving on to more advanced antivirus protection. Firewalls, browser protection, and unwanted software blockers are also highly recommended. In addition, businesses should implement stronger password security measures, perform regular back-ups, keep their operating and antivirus software up-to-date, and make sure their network is secure.

Last, but certainly not least, industry experts have found that employee training about cyber threats and an overall cybersecurity culture drastically improves an organization’s online security. Conversely, lack of training increases an organization’s vulnerability. Cnbc.com, for example, reports that employee negligence is the main cause of a data breach. This all boils down to taking a proactive cybersecurity stance; be proactive in terms of cybersecurity software, cybersecurity policies, and cybersecurity training.