According to a new report from Cybereason, 89% of global companies are concerned about repeat cyberattacks ahead of the holiday season, but, surprisingly, only two-thirds have a cyber response plan.
Concerns that attackers will strike over the holidays are valid, as cybersecurity researchers have observed a year-over-year uptick in cybercriminal activity on Black Friday through Cyber Monday. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have previously issued warnings that they’ve observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.”
Furthermore, the volume of ransomware attacks is up significantly. Unit 42, the Palo Alto Networks threat intelligence team, disclosed that ransomware attacks account for more than one-third of the cases the company responds to and it identifies new ransomware variants weekly.
Black Friday and Cyber Monday are a “free for all” for cybercriminals because everyone—consumers and businesses alike—is a target. Attackers are hoping to get lucky and obtain access to a treasure trove of sensitive data, such as passwords, credit cards or intellectual property, or wreak havoc on business during the biggest shopping weekend of the year.
Although attackers are more likely to target businesses during Black Friday/Cyber Monday weekend, capitalizing on people being away from the office or using the shopping frenzy as a smokescreen, consumers are access points into their employer.
With the biggest shopping weekend upon us, below are four things to know ahead of time.
- If the deal is too good to be true, it probably is – As a result of the global supply chain shortage, this year offers cyber attackers another human desire to exploit. Everyone wants their holiday gifts to arrive before the big day, but the reality is that many gifts won’t arrive on time. In addition to being mindful of unreal deals on this year’s hottest products, consumers should also be cautious of emails or ads that guarantee products will arrive ahead of the December holidays. These could be spamware, adware or phishing emails that infect your device or steal your data. If consumers have corporate files or email on their personal devices or they’re using company-owned devices to shop or check email, their employer is at risk. The U.S. Better Business Bureau’s full list of holiday scams to watch out for is available here.
- Don’t click or give your information to untrusted vendors – Like any suspicious email that hits your inbox, hover over the links before clicking to ensure the URL is safe, being mindful of any spelling errors or mismatching URLs. For example, if you get an email from “Best Buy” about their Black Friday sale, but the link to the website is “www[.]buybest[.]co” – it’s probably not safe. Instead, manually navigate to the real website. When making a purchase or giving your personal information to a site, make sure there is a padlock symbol in the address bar indicating that the website is secure.
- Change your passwords – If your password for personal and work accounts is the same or similar, now is a great time to change each password to something more robust (and different). While it might seem daunting to change all your passwords, password managers, such as LastPass or NordPass, make it easy to manage. When an organization is breached and passwords are stolen, attackers use or sell those credentials to break into other accounts with privileged access to sensitive data. When passwords are different, it makes it harder for cyber attackers to break in.
- Prep before leaving for the long U.S. Thanksgiving weekend – A devastating cyberattack has occurred during almost all major U.S. holiday weekends in 2021. Thanksgiving is no different. Before breaking for the extended holiday weekend, organizations should take several actions to ensure they’re ready in the event of a cyberattack. Read more on long weekend ransomware prep here.
Have a great holiday season by ensuring you’re cyber safe before signing off and be on your guard with online shopping.