Cyber Monday is here to stay. What started as a phenomenon whereby North Americans were notably shopping online between Thanksgiving and in the run up to Christmas has now become the number one event on the commercial calendar for many retailers.
Today, it ranks as one of the biggest dates on the commercial calendar, with the UK being the world’s second most active participants, just behind the US1. In the UK, Cyber Monday is the busiest day of the year for online sales. What’s more, sales on Cyber Monday grow year on year, in fact, Cyber Monday 2023 saw a 43% increase in spending compared to 20222.
For consumers, Cyber Monday is a perfect storm, a combination of reduced prices and a willingness to spend in the holiday season.
For retailers, it’s a massive opportunity.
So, good news all round? Bargains for consumers, a hike in revenue for online retailers? Sadly, that’s not the full picture. Even businesses with no involvement in Cyber Monday would do well to prepare a robust cyber defence for this time of year in particular.
For those in the cyber security industry, Cyber Monday can be a date fraught with tension for two key reasons.
Malware and Phishing
Hackers and scammers can be incredibly cunning. Each year, they use an increasingly complex and convincing arsenal of fake emails and websites to trick bargain hunters into handing over their personal information or opening malware laden attachments. These phishing attacks mimic the emails, websites and shipment tracking of well-known existing businesses to trick shoppers. Thanks to the frantic nature and scarcity of supply associated with Cyber Monday, consumers often let their guard down in an effort to snatch up the best deals.
You might think that as a business, this isn’t your problem. Maybe you represent an online retailer, or even a business that takes no part in Cyber Monday. You would be wrong.
Phishing affects everyone with an email address. In even the most cyber secure business, your employees are susceptible to phishing attacks. This risk is multiplied by order of magnitude if your employees are using work devices or email accounts for shopping.
Imagine this: Your organisation isn’t involved in Cyber Monday sales, but one of your employees, eager for a deal, unknowingly opens an email attachment sent by a hacker posing as a trusted online retailer. Within seconds, that seemingly harmless attachment releases malware into your network, quietly compromising your systems.
Now, while the malware lurks in your infrastructure, it could be recording keystrokes, stealing data, or preparing to encrypt your files for a ransomware attack. This scenario is all too real during this high-traffic retail period.
Website Downtime
For online retailers participating in Cyber Monday, there is big risk involved. Having one day account for so much of their revenue for that period (some estimates put Cyber Monday as 20% of the revenue for the season) means that any website downtime could be incredibly damaging for revenue and brand alike. Hours or even minutes of outages could see thousands or even millions go down the drain as you spend the most lucrative day of the year on the phone to cyber security specialists.
Distributed Denial of Service (DDoS) is the kind of attack most commonly associated with this type of web outage, but more sophisticated methods of attack are being seen more and more. It’s possible that hackers already have a route into your network and are waiting for the most opportune moment to take out your website and send ransom demands.
What Can I Do?
So, Cyber Monday brings its share of threats to your online operations – internal, thanks to the heightened risk of phishing, and external, due to the increased damage potential of website downtime.
Cyber attacks are continuously on the rise and there are a multitude of protection technologies available. However, it is important that you have a comprehensive monitoring of your environment to detect when you’re being attacked, and to enable you to respond as quickly as possible.
The best way to insulate your business from cyber threats is Daisy’s comprehensive, 24/7/365 managed detection and response (MDR) service.
Our MDR service works by:
- Proactively searching for threats and signs of intruders
- Analysing massive amounts of log data from your system, using a mixture of human and artificial intelligence to search for signs a hacker or malware may be attempting to break into (or already inside) your network
- Triaging these alerts to assess the risk and scale of security events
- Remediation – our 24/7/365 security operations centre responds to the incident and rectifies the issue remotely
Our MDR solution spots threats as soon as is possible (detection) and nips them in the bud (response) before they are able to develop into an issue that could harm your business.
We know that Cyber Monday is a time for heightened awareness of the risks. Whether you’re involved in online retail or not, this period sees more cyber attacks and phishing emails than the rest of the year.
Don’t risk a disaster, reach out to one of our cyber security specialists today.