As America recovers from Turkey overload this Thanksgiving, thrifty shoppers are dusting off their credit cards to satisfy an altogether different appetite - the appetite for a bargain. With Black Friday already upon us and Cyber Monday just around the corner, online retailers are offering their most tempting holiday deals.
With almost $2 billion spent during Cyber Monday last year in the US, it's clear to see why it has become a highlight in the retail marketing calendar. But it's not just retailers who are keen to capitalise on the flurry of online activity, cyber criminals are keen to profit too.
In 2012, nearly 3,000 fraudulent website domains were registered using Cyber Monday as an identifying term. Cyber Monday is often used as bait for spam and phishing emails, as well as infiltrating both mobile apps and social media. Unfortunately, in the scramble to secure the best deals, security best practice goes out of the window. With Cyber Monday as the hook, shoppers are more likely to install apps, open email attachments and click on suspicious links without thinking twice.
You'd be forgiven for thinking then that this is a consumer concern; a wakeup call to eradicate our bad cyber habits. But, if you consider that 14% of the workforce now spend 50% of their time using the internet for personal reasons, Cyber Monday presents challenges for organizations across the globe.
So how can you ensure your businesses doesn't fall foul of Cyber Monday madness?
Increased diligence, clear guidelines on BYOD as well as education for employees about the use and risks of social media and phishing scams is one approach, but very often, that message gets lost in translation in the rush to bag a bargain.
Many organizations will take a reactionary approach, relying on antivirus technologies or using detection techniques, locking down user activity to prevent further infection. Taking a more proactive stance, by employing measures like sandboxing, is an effective and simple way to protect against unknown cyber threats. Employees browsing websites carrying hidden threats or opening untrusted documents are direct targets for attackers. Vulnerabilities in Java, Silverlight and Adobe Reader can result in an employee being unknowingly compromised simply by viewing a website or downloading a document.
Sandboxing offers reassurance against unknown web-borne threats, isolating any malicious activity to ensure that malware is restricted and cannot reach valuable corporate documents and data. Sandboxing acts as final layer of defense as part of a DiD (Defense in Depth) approach, working in harmony with privilege management and application control to ultimately improve your security posture.
By following this approach shoppers and businesses alike, can enjoy Cyber Monday securely.
Find out more about sandboxing as part of our new, proactive Defendpoint software.
James Maude,
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.