
Will Sweeney
The holidays are upon us, which means most retail, ecommerce, and logistics companies are ramping up operations to meet increased customer demand. Unfortunately, many cybercriminals are also taking advantage of the season.
Cyberattacks and data breaches have jumped significantly in recent years — nearly doubling worldwide since 2020, according to the International Monetary Fund. And these attacks are more likely to occur during the holidays. A survey from Semperis found that 86% of organizations were targeted by ransomware attacks on a holiday or weekend.
Why cybercriminals love the holidays
With millions of people loading up their online carts, it’s no surprise that the holidays create a unique opportunity for cybercriminals. Americans are expected to spend as much as $294 billion this holiday season on e-commerce alone—a 9% increase from the rest of the year, according to Deloitte’s annual holiday retail forecast. This increased transaction volume (and online activity) opens the door for common cyberattacks like phishing and payment fraud.
Additionally, the busy season creates more opportunities for employee error, which contributes to nearly three-quarters of data breaches, according to the 2023 Data Breach Investigations Report. During the holidays, workers are often distracted or on vacation, which can lead to security lapses. Moreover, many organizations hire seasonal employees during the holidays, who may not be trained on cybersecurity best practices.
Finally, as businesses race to fill orders and stock shelves, their existing web of vendors, contractors, and suppliers may also be strained. This interconnected nature of B2B operations can make supply chains more vulnerable, boosting the risk of a cyberattack.
Common threats to look out for
While cyber threats of all kinds increase during the holiday season, there are a few common tactics to keep an eye out for. The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) said in its Holiday Season Cyber Threat Trends Report that companies are reporting jumps in imposter websites, product-focused phishing attempts, and phone call-based social engineering attacks.
Last holiday season, ransomware made up just over a quarter of all cyberattacks, up from 13% the year prior. Those attacks generally use malicious software to exploit system vulnerabilities, often through unattended or unpatched devices. Phishing attempts, like fraudulent emails and sham billing requests, comprised 15% of all cyberattacks.
Cybercriminals also try to exploit email accounts to make fraudulent transactions or generate internal information leaks, otherwise known as business email compromise (BEC). Additionally, denial-of-service attacks, in which bad actors disrupt business operations (usually those reliant on online services), are becoming more common.
Short-term cybersecurity to implement right now
First, let’s cover what you can do right now, starting with employee training and awareness. All staff (including seasonal workers) should undergo cybersecurity training to understand your company’s policies and procedures thoroughly. Ensure this training focuses on how to spot and prevent phishing attempts, store passwords safely, and properly handle sensitive data. Next, implement multi-factor authentication (MFA) across all platforms, especially those that access critical systems and financial transactions. MFA can prevent the vast majority of automated attacks and the bulk of phishing attacks.
Strengthening your security posture
These next steps might take some time, but it’s better to start sooner rather than later. First, remember to institute regular software updates and patching. Technology progresses quickly, and cybercriminals can take advantage of businesses that struggle to keep up. Ensuring your company’s systems, software, and endpoints are up to date helps mitigate any vulnerabilities that bad actors could exploit.
Next, put a robust third-party risk management program in place. Since many B2B operations utilize a network of vendors, it’s important to ensure all of them follow strong security practices. This carries over to supply chain security. Just like with third-party vendors, your organization should strive to ensure the security of its entire supply chain. Be sure to implement secure communication channels, develop an overarching incident response plan, and monitor the security posture of the companies you do business with.
Stay safe and be merry
Although the holidays can be a joyful (and lucrative) time, B2B leaders must stay vigilant for cyber threats. By recognizing common threats and putting the necessary safeguards in place, you can ensure your holiday season remains merry, and that no data breaches are hiding in your stocking.
About the author:
Will Sweeney is the managing partner of Zaviant, a data privacy and security consulting firm.