When consumers depend on retail businesses the most, those businesses are the most vulnerable to cyber-attacks.
With seemingly never-ending Christmas shopping lists and lengthy grocery store lines, consumers rely on their trusted retailers during this time of year more than any other. But these retailers are also at heightened risk of cyber-attacks, with businesses facing a 30 per cent increase in attempted ransomware attacks over the holiday season. Even the online vendors that shoppers have turned to amid the ongoing COVID-19 pandemic become more vulnerable during this period.
Hackers don’t rest while employees across industries take time off to spend with loved ones. With this retail congestion actively in progress, attackers will leverage cyber vulnerabilities to maximize business disruption. At Darktrace, researchers even observed a 70 per cent increase in the number of attempted ransomware attacks in November and December compared to January and February.
Ransomware attacks – which have increased by 151 per cent globally between this year and last – have risen to the No. 1 cybersecurity concern facing businesses today. In its most recent ransomware threat bulletin, the Canadian Centre for Cyber Security (CCCS) documented that it continues to observe “high-impact ransomware campaigns that can cripple businesses and critical infrastructure providers.” These attacks continue into the holiday season when Canadian businesses and the consumers that rely on them cannot afford critical downtime.
Weekend and holiday attacks are not a new phenomenon. Examples like Solar Winds and Kaseya have demonstrated the trend of these out-of-hours attacks. The attack on Solar Winds was revealed last December, and hackers attacked Kaseya during the weekend of the U.S. 4th of July holiday.
While revellers celebrate the season, hackers become more active
As many organizations cease operations for the holidays and members of their IT and security teams go on vacation to spend time with families, these businesses become even more vulnerable than ever to cyber-attacks. Case in point: an alarming 76 per cent of ransomware attacks occur out of regular working hours and during the weekends.
When these businesses are major retailers and food suppliers, any disruption to operations ahead of a holiday, as in the ransomware attack on Ferrara Candy in the weeks before Halloween, will prompt risks of significant disruptions and jeopardize consumers’ access to holiday goods.
The reality is that these organizations are at an increased risk of being breached. Without a full in-office security team or a cybersecurity tool to disrupt malicious activity, attackers can lie in wait within an organization’s digital infrastructure and strike when an attack is least expected.
Attackers can move across the network, encrypting or exfiltrating sensitive data, learning vulnerabilities, and compromising employee credentials for use in targeted email and SaaS attacks. They can then access the business, its trusted third-party suppliers, and even customers.
Attackers seeking to compromise a business may even leverage holiday distractions to gather information on employees through social media to craft targeted phishing emails and messages to breach businesses.
Canadian consumers are also affected by these holiday cyber-attacks, just like the retailers they trust during the holiday season. Consumers are more likely to be targeted by malicious actors while distracted by holiday priorities – this includes clicking on suspicious links delivered via email, text message, or social media.
How can Canadian businesses defend themselves this holiday season?
An updated security posture will be the difference between staying ahead of attackers and falling behind as attackers continue innovating and targeting organizations during the holiday season. Building business resilience is the only way to stay ahead of attackers and ensure consumers have everything they need to enjoy the holiday season with their families.
Canadian businesses need to invest in security solutions that can detect and autonomously respond to threats at the first sign of an attack or anomalous behaviour. Especially in this popular shopping season, these organizations have a responsibility to be vigilant in the face of increased cyber-threats, protect their sensitive data, including consumer information, and rely on an adequate security posture to contain breaches and maintain business operations.
David Masson is the Director of Enterprise Security at Darktrace.
Photo by Clint Patterson on Unsplash
Leave a Reply