We’ve made it back to that time of year where retail booms as the world goes shopping for gifts during the holiday season. While it is time for retailers to shine, it’s also the time where retailers are most vulnerable to security risks as bad actors are gearing up too. We have spent a good bit of time recently discussing how PCI-DSS regulations are only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what may come this holiday season.
It’s safe to say that the Internet is here to stay. It’s especially the case when we consider purchases we make and how our shopping habits have evolved with online shopping. Internet shopping during the holiday season has become a major driver of retail sales that in addition to Black Friday, we now have Cyber Monday (on Monday, November 27 this year) which now gives consumers the additional choice to take advantage of fantastic discounts from the luxury of their couch by computer or mobile device.
What’s Expected this Cyber Monday
Cyber Monday gives us the ability to shop great holiday discounts from anywhere in the world, and it allows us to avoid the long lines and inventory related fights that we have grown accustomed to seeing between shoppers each Black Friday over the last few years. While we love all the comforts that Cyber Monday provides us as shoppers this holiday season, let’s not forget that it also starts off the season for DDoS attacks.
In the security industry, we have grown accustomed to botnet style DDoS attacks happening all around us. However, the massive scale of the attack at Dyn last year has certainly raised the awareness of DDoS attacks in general and the impact these have on our day-to-day lives. Given the recent trend of security breaches and attacks from Gmail to Equifax, it wouldn’t be unusual for an even more exciting holiday season with a DDoS attack or two that could really impact the retail industry.
Steps to Prepare for this Holiday Season
It’s not a matter of if but when an attack will happen. With that said, there are some practical things you can put in place now toward prevention and risk mitigation strategies for your company this online season.
- Conduct Penetration Tests to identify weaknesses in your infrastructure. Even look to simulate social engineering attacks to test and train your employees and make them aware of the heightened risk this holiday season
- Know your Network and Prioritize your Vulnerabilities. Understand your network topology and specifically understand the attack path associated with gaining access to your C&C infrastructure. Make sure you prioritize remediating and patching the vulnerabilities that would give access to critical infrastructure long before Cyber Monday.
- Understand Access Risk within your environment. Make sure you quickly remediate any Abandoned or Orphaned Accounts. Make sure you are fully in control of your Privileged Accounts and you can attest and certify that the right people have the right privileges.
- Come Holiday shopping time, make sure you are constantly monitoring network traffic. Using Network Detection and Response tools can help you gain visibility to infected devices on your network quickly. Make sure to take immediate action on those infected devices before it’s too late and a botnet gains access to your C&C infrastructure
- Strengthen Weak Passwords. It is best to use long strings of random letters, numbers and symbols to create passwords. Also, it’s best to avoid the habit of using the same password for more than one account.
- Enable Multifactor Authentication when available. When doing this, you will need two pieces of information to log into your accounts from a new laptop or phone.
Don’t be caught unprepared this holiday season. Follow these steps to help ensure your cyber-security and keep your organization, and your customers, safe this holiday season and beyond.
Do you know what threats lie in your network? With our security assessment you will have the power to improve your perimeter defenses, uncover hidden threats and initiate a response to stop data theft. Start today by requesting your personalized security assessment and start assessing real risk in your organization.