The holiday season is upon us, and just as it brings in thoughts of good cheer, hot mugs of cocoa and time spent with friends and family, so, too, does it bring an increase in cyber-attacks. In fact, in past years, security firms have reported a 150% increase in DDoS attacks alone, between the summer months and the end of the year.
What makes the holidays such an enticing time for hackers is pretty clear: the combination of reduced staff, increased vacations and significant upticks in eCommerce and mobile commerce makes this time of year too attractive for cyber-criminals to pass up.
Many companies feel the increased attacks anecdotally, but aren’t aware of how enticing their systems are this time of year, how big the threat has become or what to do to protect themselves.
Like a Present with a Big Red Bow
There are a number of reasons why the holidays present the perfect time for hacking efforts to ramp up. First and foremost is the increased number of targets created by eCommerce and, more recently, mCommerce.
Retail stores are no strangers to increased sales volume over the last 6 weeks of the year. This year alone, the National Retail Federation predicts a 3.6% increase in sales over 2015, totaling almost $656 billion in sales in November and December.
And with more and more consumers opting to shop online instead of waiting in line, the number of targets has increased for any number of attacks, from DDoS to phishing and spoofing. eMarketer predicts an even rosier holiday season for retailers – with sales closer to $885 billion – and predicts that almost 11% of that will be from eCommerce, or $94.7 billion in sales, the largest eCommerce share to date.
But eCommerce isn’t the only area that can see an increase in attacks over the end-of-year holidays. In fact, those companies that aren’t involved in retail – which typically has blackout periods for taking vacations – see significant increases in the number of employees out during the holidays. This leaves enterprise organizations with a skeleton crew to identify and mitigate potential cyber-attacks.
Bigger Every Year
As online shopping has increased, so has the volume of hacking attempts and attacks at the end of the year. The kinds of attacks that happen, and their purpose, range over most of the spectrum, from DDoS attacks to spoofing and botnets.
eCommerce is, unsurprisingly, the biggest target at this time of the year. And the cost associated with these attacks is staggering. An RSA survey in 2013 found that cyber-attacks during the holidays were costing companies close to $480,000 an hour. And that was 3 years ago.
The cost doesn’t just account for lost sales, either. Businesses also must factor in the downtime associated with an attack, the resources needed to combat the issues, the loss in reputation and the loss of revenue from eCoupon abuse and exploitation of other online-only offers.
Consumers are also targeted during these attacks. While a DDoS attack can be an inconvenience, phishing and spoofing attacks can mean big issues for shoppers. Sophisticated phishing schemes that set up fake checkout pages to capture card and personal information have popped up in the last few years, as have entire storefronts that appear to offer great deals, but are actually just collection sites for hackers to gather payment cards and other information on shoppers. The number of these kinds of phishing attacks in 2014 and 2015 was 9% higher during the holidays than during the rest of the year, and there is no reason to think 2016 will be any better.
These threats go beyond eCommerce as well. With the increase in mobile shopping, mobile site phishing schemes and app store fraud have also increased. And with many consumers unaware of what to look for to ensure their mobile transactions are safe, it’s easy for criminals to target mobile purchases.
Some of the attack types expand well beyond retailers. Distributed Denial of Service (DDoS) attacks can certainly take their toll on eCommerce sites, but they harm non-retail companies as well. Without access to online resources, companies can be slowed down during one of these attacks, and those that rely heavily on SaaS applications for productivity can be crippled. With fewer resources available during the holiday season, it can take longer to spot, and even longer to stop, an attack on an enterprise system.
Bundle Up Your Systems
The harsh reality is that, as our society and businesses become more reliant on network and Internet services, both the rate and cost of cyber-attacks will increase.
But there are a number of things that companies can do throughout the year to help curb the damage to their systems, and even prevent some of the incoming attacks.
On the low-hanging-fruit side, make sure that your systems are all appropriately patched and running the latest versions of software. Vulnerabilities in older software are easy to exploit, but even easier to mitigate with a regular update schedule.
If you don’t already have a response plan in place for cyber-attacks and other disasters, add this to your resolutions for 2017. With a plan in place you can make alterations to that plan to accommodate staffing changes over the holidays. A plan also ensures that everyone knows what they are supposed to do in the case of an attack, preventing delays in trying to organize a team before they can get to work on the problem.
You should also consider having a third party help you out as needed. Whether that help is in evaluating your current system or in augmenting your staff when both threats and vacations are at the highest, an outside vendor can provide you an edge that more than pays for itself in salvaged sales and reputation, or productivity and up-time.
Increased cyber-attacks around the holidays won’t be going away any time soon. In fact, you can expect that they will increase and evolve to take advantage of amplified traffic and decreased resources. Well-prepared organizations can weather the holiday storm, though, by acknowledging the heavy uptick in attacks during the last 6 weeks of each year and planning to address those problems head-on.