""The holiday season is filled with gifts, including the ones we unknowingly hand over to threat actors in the form of sharing personal information and other security mishaps that result in cyberattacks," says Nathan Wenzler, Field CISO at Optiv. "This year, consumers across the U.S. plan to spend nearly $80 billion online and in-store during Black Friday and Cyber Monday, an increase of about $20 billion compared to last year, according to a new survey conducted by Omnisend.""
"Perhaps it goes without saying, but that increase in online shopping may also mean an increase in opportunities for cybercriminals. In 2024, mobile threats rose by four times during the holidays - with holiday shopping predicted to increase this year, it is likely that cyber threats will follow. Wenzler remarks, "Social engineering attacks impersonating brands, skimming attacks and fake updates have historically been observed during the Black Friday/Cyber Monday events. That trend will likely continue in 2025.""
"This isn't just an issue for individual shoppers. If employees are targeted with these holiday scams, organizations could be at risk, too. "Security front liners, such as network security engineers or analysts, should be attentive to upticks in unusual activity in company environments," says Wenzler. "Attacks on organizations during this time of the year are successful often due to teams' guards being down, less staff, and laxed cyber hygiene. This can lead to a slow detect and respond time for attacks.""
Consumers plan to spend nearly $80 billion across Black Friday and Cyber Monday, increasing online shopping and associated cybercrime opportunities. Mobile threats rose fourfold during the 2024 holiday period, and similar increases in shopping are expected to drive corresponding cyber threats. Social engineering, brand impersonation, skimming and fake updates are common attack types during sales events and are expected to persist. Employee-targeted holiday scams can expose organizations when staff are reduced, vigilance lapses, and cyber hygiene weakens. Security teams should monitor unusual activity closely. Best practices include avoiding unsolicited links or attachments, verifying domains, and avoiding offers of 'free' products or services.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]