'Tis the season for increased cyber attacks
Thirty-one percent of retail IT professionals surveyed by Infoblox reported an increase in cyber attacks during the holiday season, often through phishing methods that employ fake promotional websites, according to an Infoblox report.
By attack type, 15% saw an increase in social media scams, while 14% saw a rise in distributed denial-of service (DDoS) attacks and 11% cited ransomware incidents. Commonly discovered weaknesses included unpatched vulnerabilities and customer/end-user errors, cited by 25% of those surveyed, as well as supply chain vulnerabilities and unprotected "internet of things" devices, cited by 23%.
Almost 65% of online retailers plan to increase levels of network monitoring and related security measures during the holiday season, acting on the forecast that 26% of holiday shoppers said they would shop exclusively online during the holidays, the report said.
Retailers and shoppers have never been more aware of security threats like phishing scams, yet consumers and retailers still fall for enticing emails featuring deals that are too good to be true.
As social media comes to have greater relevance as a shopping option, the sector is starting to see more cyber attacks attempted through that channel. Ultimately, as retailers open more channels through which they can market and sell to consumers, there is a potential of increased security risks.
Likewise, as they continue to adopt new technology in their stores and supply chains though IoT, artificial intelligence, solutions enabling frictionless shopping and other strategies, these migrations also present more devices and more potential entry points to potential attackers.
Infoblox suggested that retail IT professionals may want to make sure their partners, such as the makers of their IoT devices, "build security in from the start, including the ability to change passwords and maintain a regular patching schedule. Investing in enterprise-grade DDI (secure DNS, DHCP and IPAM) would also be recommended to monitor and manage the increasing number of endpoints introduced by each new technology."