Black Friday and Cyber Monday will see an increase in frequency and sophistication of cyberattacks. This means e-commerce shops and service providers need to be more vigilant than ever.
Traceable AI’s Chief Security Officer Richard Bird has explained to Digital Journal with his insights that could aid retailers and ecommerce shops so they are better aware of common attacks.
Such information also helps to prepare retailers (or ‘etailers’) against new forms of attack and helps them to put measures in place prevent them in the future.
According to Bird: “Black Friday and the holidays aren’t just a time for giving, but they are also the prime time for “taking” by the bad guys.”
In term of the immediate threats, Bird says: “The most common attacks during this time are ones that take advantage of our distractions as consumers and security professionals, and the increased volume of our online transactions. The bad actors are going to focus on any weakness in your cybersecurity defenses that are susceptible to fraudulent account takeover (ATO) or account creation, automated attacks leveraging bots to scrape, steal and scalp data from all of our web assets and phishing attempts that pinpoint our emotional desires and anxieties that we experience during the holiday season.”
As to what needs to be done, Bird advises: “Security and business leaders in the e-commerce space need to embrace the knowledge, data and experiences they’ve gained over the last 3 to 4 years, instead of re-inventing the wheel. The most common methods of attack that you’ve experienced in prior holiday seasons is exactly the way you’ll be attacked this year too. Why?”
Explaining this, Bird says: “Because of the success the bad guys have had in that same time period. Bad guys go with what works, which means you should be well prepared to fight their efforts. Err on the side of security with new account creations by leveraging identity proofing tools, monitor your riskiest API calls and aggressively review your highest trafficked target pages for exploitable weaknesses.”
There is more to be done, opines Bird: “ Cybersecurity professionals should be thinking like the Grinch during the holidays in all the clever ways that he snuck presents away from the trusting citizens of Whoville. MFA is a great tool for everyone in the digital world, from consumers to IT workers.”
And as to this riskiest time of the yar, Bird says: “But it is crucial during the holiday season to acknowledge the well-known weaknesses of the authentication method. MFA is a proven target for social engineering, and with the substantial up-tick in online traffic during the holiday season e-commerce organizations must take steps to educate their consumers or provide tool-tips during the customer sign-in transaction to encourage users to be hyper aware of the risks of phishing and social engineering when it comes to their multi-factor authentication actions.”
With preventative actions, Bird recommended: “Like the old saying goes, an ounce of protection is better than a pound of cure. While recovery capabilities are crucial for companies today, the reality is that companies are struggling mightily to weather the costs of a breach. The cost of attacks don’t just accrue after an incident. Today’s API and application-borne attacks are a huge risk to day-to-day operations and revenue. And the holiday season is exactly when companies can’t afford to be taken off-line or lose a cent of sales dollars.”
Bird further advises: “Add in the increasing possibility of fines and penalties for failing to protect customer data and the total impact of a breach and we can begin to grasp why 60 percent of small and medium sized businesses go out of business within 6 months of a successful attack. Investing even a little bit more in cybersecurity, whether that be measured in dollars or focus, is better than going broke after you’ve been hacked.”
