Beginning with Black Friday and Cyber Monday, cyberattacks are predicted to spike throughout the entire holiday shopping season, according to the recent Carbon Black Holiday Threat Report. These attacks are on track to increase by nearly 60% this season alone, the report found.
Last year, global organizations faced a 57.5% increase in attempted cyberattacks during the holiday season, according to the report. The 2016 holiday season also saw an increase in cyberattacks 20.5% above normal levels. History has repeated itself year after year, so companies and consumers should remain cautious when online shopping in the next month.
"Based on existing precedent, we expect the same trend to continue, if not increase, during the 2018 holiday shopping season," said Tom Kellermann, Carbon Black's chief cybersecurity officer, in the report. "During the holiday season, there is often a ton of noise in the online world and attackers do everything they can to take advantage of that. This applies not only to consumers who shop online, but also to businesses as well, many of which are understaffed and, in the case of retailers, approaching the busiest time of the year."
Most of these holiday-centered cyberattacks on businesses come from commodity malware, typically delivered via spear phishing campaigns, according to the report. Companies are also the most vulnerable during the holidays, struggling to keep security teams available for holiday hours. However, the best way companies can stay protected is actually nontechnical, and more interpersonal, the report found.
Businesses can best protect themselves by creating a company culture that prioritizes cybersecurity and internet safety. To help companies stay safe from phishing attacks, the report identified the following three ways to spot a spear phishing email:
1. Evaluate the email's basic hygiene - Often with these emails, you'll see poor grammar, misspelled words and unorthodox URLs. Also, regardless of who is sending an email, be sure to do a brief check to ensure the sender's domain and email address are accurate and known to you.
2. Determine the email's content and motivation - Any requests for personal or financial information should be viewed with extreme caution, especially in business settings where attackers are keen to use spoofed emails from executives to target lower-level employees.
3. Attachments and link landmines - Downloading an attachment from anyone other than a verified, trusted source is perhaps the quickest way to get yourself in trouble when it comes to a phishing email. Attackers are aware of this and, as a result, will often use links inside of attachments to target victims.
The big takeaways for tech leaders:
- Cyberattacks skyrocket during the holiday season, especially those that use spear phishing to target victims. — Carbon Black, 2018
- Companies can protect against spear phishing emails by check the message's basic hygiene, determining the email's motivation, and taking caution with opening attachments. — Carbon Black, 2018
- Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)
- Phishing warning: One in every one hundred emails is now a hacking attempt (ZDNet)
- Phishing and spearphishing: A cheat sheet for business professionals (TechRepublic)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Cross-site scripting attacks: A cheat sheet (TechRepublic)
- Man-in-the-middle attacks: A cheat sheet (TechRepublic)
- Security: Making yourself a hard target for hackers is easier than you think (ZDNet)
- How fact-checking could thwart phishing attacks (TechRepublic)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.