Cyber threats heighten with holiday sales here

With the high-traffic events of Black Friday and Cyber Monday in full swing, the focus is not only on bargains and sales growth but also on the looming threat from cybercriminals looking to exploit the occasion. Retailers and consumers are not the only ones preparing for increased online activity; cyber threats have become a growing concern, as highlighted by experts in the cybersecurity sector.

According to Andy Rock, Solutions Architect at Integrity360, the increased online shopping activity creates a favourable environment for cybercriminals to launch attacks. The urgency and excitement surrounding bargain-hunting often lead to vulnerabilities that cybercriminals quickly exploit. Rock points out that personal device usage, unsecured networks, and rash decision-making make consumers susceptible to phishing scams, fraudulent websites, and payment card theft during these shopping holidays.

The risk is further exacerbated by the misuse of social media and artificial intelligence (AI). Rock explains that fake advertisements and fraudulent deals disseminated via social platforms are becoming increasingly common. AI tools are utilised to create persuasive fake messages or posts, frequently customised to target individual users by utilising data from their social profiles, making it even more challenging for consumers to discern legitimate from malicious content.

In light of these threats, Rock advises consumers to remain vigilant by scrutinising URLs, avoiding transactions on public Wi-Fi, and using secure payment methods. On the other hand, retailers collecting payment data must adhere to PCI DSS requirements to protect customer information and minimise liability in case of a data breach. Ensuring the rigorous training of staff to identify phishing and other social engineering tactics is crucial, particularly for those using corporate devices for personal shopping during these sales events.

Shankar Haridas, Head of UK and Ireland for ManageEngine, echoes similar concerns. He highlights that from November 2023 to January 2024, online criminals in Britain extracted over GBP £11.5 million from unsuspecting victims, with an average loss of GBP £695 per victim. Haridas emphasises the importance of employee education in cybersecurity, especially with the increase in hybrid working, where work and personal device usage overlap, leading to heightened exposure to phishing scams and malware.

Haridas also points to the challenge businesses face with AI, as cybercriminals leverage generative AI technologies to execute more sophisticated attacks. He warns that while AI can significantly bolster defences by detecting and responding to threats, poor implementation of these tools can leave businesses vulnerable. Organisations must move beyond outdated strategies, acknowledging that cyber resilience is a critical business imperative.

Haridas underscores the importance of investing in cybersecurity, suggesting that businesses should focus not only on customer discounts but also on safeguarding their infrastructure. "Cybersecurity," he notes, "is a shared responsibility," a sentiment that underscores the need for everyone, from consumers to IT strategists, to remain vigilant against cyber threats.

With major shopping days here, the need for robust security measures is more critical than ever. Both experts advocate for proactive steps to ensure that the temptation of a quick bargain does not come at the expense of long-term security for consumers and businesses alike.