Buying & sales frenzy
In recent years, attackers have increasingly used these sales events for criminal activity. The high level of activity, interest and transactions is extremely attractive to them. At the same time, customers are more willing to take up vouchers, offers or websites. In addition, small and medium-sized companies are often lulled into a false sense of security. Sure, hackers only ever target the big corporations, don't they? Often enough, effective processes and performance take precedence over IT security.
How can cyber criminals exploit this?
The sledgehammer approach is to disrupt or completely paralyze websites. Such cyber attacks on online stores are 70% more frequent on Black Friday than on normal days. The method of choice? DDoS attacks with up to 21.8 million requests per second. A number of record-breaking and particularly intensive attacks took place on last year's Black Friday. The consequence? Online stores can be paralyzed for hours in the middle of the peak shopping period, with massive damage to sales and reputation. An additional challenge: under certain circumstances, the e-commerce industry is obliged to investigate data security incidents very closely and document which data has been compromised.
Also very popular: phishing. It cannot be left out of our overview, as Black Friday & Cyber Monday are practically made for stealing personal data, identities or money. Mostly by email, recipients are sent links or attachments that lead to fake websites, fraudulent apps, logins or vouchers, where login data or payment information is captured. Malware, i.e. viruses, Trojans, spyware, etc., can also be distributed in this way. And with skimming on e-commerce platforms, for example, credit card data is read from the payment pages. The damage can be immense, not to mention the need to renew required certifications or even the closure of the store.
These highly professional hackers pursue one of the following goals: enrichment through blackmail or use of the data on the darknet, elimination of the competition, or attracting attention.
Protective measures
Of course, it helps to implement information security guidelines and inform the workforce of the need to comply with them. In addition, employees should be trained directly in security awareness and should use strong multi-factor authentication and strong passwords. Prompt patches and other security-related updates are also an absolute must. Specifically, check that URLs are trustworthy, that the grammar in emails or forms is sound and that the web design is coherent. In any case, if something seems too good to be true or if pressure is exerted, you should keep your distance.
Our tip:
We can provide you with comprehensive, end-to-end protection against all of the risks mentioned. Over 1,000 customers benefit from this protection and our 20 years of experience as a cyber security enabler with zero-trust security architectures based on clear solution concepts. We provide you with comprehensive protection in hybrid scenarios, including against unknown threats, DDoS attacks, phishing campaigns and malware of all kinds. All this comes with end-to-end consulting and support, a single point of contact, modular and affordable 24/7 managed security services, leading security technologies and our own security software solutions “Made by DTS”!