As consumers throughout India rush to do last-minute shopping for Diwali, retailers have good reason for concern. Amid the preparations for the fireworks, candle-lighting and family gatherings, a surge in online shopping – on Amazon, Snapdeal, Flipkart, CashKaro, and other popular ecommerce sites – at this time of year also means an increase in cyber security threats, as criminals plan to take advantage of the increase in e-commerce activity for their own malicious purposes.
A new report from Human Layer Security company Tessian highlights the fact that cyber attacks are at their worst around the holidays – when people searching for good deals are most likely to fall prey to a variety of attacks, including emails touting discounts that are used as lures in malicious scams.
For many retailers, it’s an ongoing challenge for their Security Operations Center (SOC) teams to secure the organization’s data, team, processes effectively. With so much data being created, it’s challenging for security teams to mitigate the relevant security threats and reduce the business risk.
Cyber attacks are at their worst around the holidays
Yet, the news isn’t all bad; there are clear ways to mitigate the risks: With appropriate education of employees, warnings for consumers, and an investment in the development of robust cyber security policies at the organizational level, you can improve your cyber security stance and protect your organization’s consumer data. Here are three important insights into what you can do to keep consumer data safe this holiday season:
The Diwali season is a common time for cyber criminals to implement a range of brand impersonation attempts – malicious behaviors allowing them to steal consumer data. For example:
The Diwali season is a common time for cyber criminals to implement a range of brand impersonation attempts – malicious behaviors allowing them to steal consumer data.
There are many ways for malicious actors to steal information - the most common of which include:
We recommend carrying out a threat and exposure assessment - an exercise that proactively searches the clear, deep and dark web for targeted threats or exposures a malicious actor could exploit to compromise your critical infrastructure and sensitive information. This type of exercise seeks to find information used in the reconnaisance stage of an attack such as evidence of domain spoofing, phishing sites, and exposed credentials and then provides recommendations on mitigation. Ideally this should be an ongoing process that can continuously feed into your SOC and IT decisions.
Encourage customers to make smart decisions using basic data hygiene and security steps when shopping online this Diwali season, for example:
Moreover, customers can spot malicious activities themselves and avoid falling into the traps laid by threat actors if they know what to look for. Emails that have a sense of urgency or panic (“Buy now before the deal runs out!”), spelling and grammatical mistakes in the email or website address or content, and requests to provide confidential information or open an attachment are all “red flags.”
You can mitigate the risk of cyber security attack by adopting processes that protect the consumer data collected by your organization, including:
Emails that have a sense of urgency or panic (“Buy now before the deal runs out!”), spelling and grammatical mistakes in the email or website address or content, and requests to provide confidential information or open an attachment are all “red flags.”
With Diwali symbolizing the victory of light over darkness and good over evil, it’s the perfect time to invest in improving your defenses against the “dark side.”
The unfortunate truth is that together with the delicious samosas and deep-fried puris, there is a marked increase in the number of cyber attacks that comes with the high level of ecommerce activity leading up to Diwali. And retailers can avoid costly cyber attacks by being informed and taking the necessary preventative actions.
As retailers, the new year is a time for evaluation and assessment – a chance to redirect efforts at the organizational level. By working with an advanced Managed Security Services Provider (MSSP) such as CyberProof, you can take steps to improve your organization’s cyber security stance and protect consumer data.
As we approach this festival full of light, the CyberProof team wishes you and yours a very happy Diwali!
Contact us to learn more about how we can help your organization mitigate the risk of attack.