This week’s high-profile launch of Amazon’s Australian store has focused attention on the e-commerce segment and its power to transform the holiday shopping experience. Yet as Black Friday marks the unofficial beginning of the end-of-year silly season, CSOs everywhere will be holding their breath in the hope that surging online shopping doesn’t translate into a cybersecurity disaster.
Increased volumes of emails related to holiday discounts – with the likes of Click Frenzy, Black Friday (24 November), and Cyber Monday (27 November) driving a deluge of additional email to inboxes across the country – have created new opportunities for cybercriminals to launch new extortion, fraud and malware campaigns they hope will slip under employees’ radars.
Despite years of progress, slipping past employee defences remains easier than it should be – and it’s usually their own fault. A recent Preempt survey found that 41 percent of employees use the same passwords for personal and business accounts, while nearly 25 percent confirmed the presence of accounts where multiple users share a username and password.
One in three employees said they had bent security rules or found a way to work around them, with a quarter saying they had tried to access work data they weren’t supposed to. Those attempts were successful 60 percent of the time – suggesting that their companies simply weren’t equipped to find malicious behaviour on their networks.
The implications of poor password-security practices are exacerbated through widespread online shopping: if employees use work passwords when creating accounts at the new Amazon site or any other e-commerce site, they are potentially aiding malicious hackers that can profile their interests, employment and purchases to figure out their work passwords.
Even as time-tested classics like ransomware continue to lurk in malicious emails, hackers continue to try new compromise vectors: in recent weeks email filtering provider Mailguard, for one, has warned about separate scams piggybacking on the brands of the Commonwealth Bank, Telstra, and Energy Australia. And Proofpoint’s recent Email Fraud Threat Report Q3 2017 found that the average number of targeted email fraud attempts increased by 12 percent from the previous quarter.
Such trends should prompt security executives to remind users about the importance of prudent cybersecurity practices – but they have also created opportunities for consumer-security technology providers like Cylance, which welcomed the Christmas season with an artificial intelligence-powered consumer security platform that is derived from the company’s enterprise tools and is being pushed to business executives as a take-home gift for their employees.
“The more forward-thinking CISOs are thinking that the boundary between the corporate and home networks have been blurred,” Cylance senior vice president and general manager of consumer Christopher Bray told CSO Australia, noting that even the company’s AI engine from 2015 was able to detect and block the WannaCry ransomware that devastated many businesses early this year.
Reinforcing security and password messages is particularly relevant towards the end of the year, Bray said, since ransomware poses “a threat everybody understands”.
“Users understand that it’s a threat to their personal data, their photo archive, and all the things that they hold important in their computer,” he explained, adding that the vendor is “counting on our large corporate customers to endorse this type of technology and provide it to their consumers.”
“If we can get in front of that and really demonstrate how to deal with that, we won’t need to worry about that type of threat,” he said. “The more it is adopted, the more that people will realise that this type of solution can actually provide a very good user experience that does exactly what it promised it would do.”