Contributor:
James.Maude
November 27th, 2014

Phishy deals on Cyber Monday?

As America recovers from Turkey overload this Thanksgiving, thrifty shoppers are dusting off their credit cards to satisfy an altogether different appetite – the appetite for a bargain. With Black Friday already upon us and Cyber Monday just around the corner, online retailers are offering their most tempting holiday deals.

With almost $2 billion spent during Cyber Monday last year in the US, it’s clear to see why it has become a highlight in the retail marketing calendar. But it’s not just retailers who are keen to capitalise on the flurry of online activity, cyber criminals are keen to profit too.

In 2012, nearly 3,000 fraudulent website domains were registered using Cyber Monday as an identifying term. Cyber Monday is often used as bait for spam and phishing emails, as well as infiltrating both mobile apps and social media. Unfortunately, in the scramble to secure the best deals, security best practice goes out of the window. With Cyber Monday as the hook, shoppers are more likely to install apps, open email attachments and click on suspicious links without thinking twice.

You’d be forgiven for thinking then that this is a consumer concern; a wakeup call to eradicate our bad cyber habits. But, if you consider that 14% of the workforce now spend 50% of their time using the internet for personal reasons, Cyber Monday presents challenges for organizations across the globe.

So how can you ensure your businesses doesn’t fall foul of Cyber Monday madness?

Increased diligence, clear guidelines on BYOD as well as education for employees about the use and risks of social media and phishing scams is one approach, but very often, that message gets lost in translation in the rush to bag a bargain.

Many organizations will take a reactionary approach, relying on antivirus technologies or using detection techniques, locking down user activity to prevent further infection. Taking a more proactive stance, by employing measures like sandboxing, is an effective and simple way to protect against unknown cyber threats. Employees browsing websites carrying hidden threats or opening untrusted documents are direct targets for attackers. Vulnerabilities in Java, Silverlight and Adobe Reader can result in an employee being unknowingly compromised simply by viewing a website or downloading a document.

Sandboxing offers reassurance against unknown web-borne threats, isolating any malicious activity to ensure that malware is restricted and cannot reach valuable corporate documents and data. Sandboxing acts as final layer of defense as part of a DiD (Defense in Depth) approach, working in harmony with privilege management and application control to ultimately improve your security posture.

By following this approach shoppers and businesses alike, can enjoy Cyber Monday securely.

Find out more about sandboxing as part of our new, proactive Defendpoint software.

More from the Blog

Related technology and security insights

  • 28
    Jun
  • Story related

    NotPetya ransomware: Attack analysis

    On June 27, 2017 a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to older Petya ransomware attacks from previous years, but the infection ...