At this time of the year, it may not be Santa Claus who is watching while you’re sleeping and knowing when you are awake. The sheer volume of online shopping, projected by the National Retail Federation to be $105 billion this year, together with the urge to get to the finish line makes Christmas a hugely attractive holiday for hackers around the world. Cybersecurity services provider Cytegic tracks cybercrime trends and notes that “Attacks against retailers usually take place a few days before a major holiday, with the week before Christmas being the most threatened time in this period.”
The Retail Cyber Intelligence Sharing Center points out a couple of major realities that underlie the retailer end of the holiday cyber challenge. “Retailers see much higher volume peaks, especially at sale times, both in stores and online. This makes it harder to detect anomalous traffic, and it’s impractical to block IP ranges based on geography, because online sales can be global.” Also, “Retail staff is motivated and focused on sales, at the risk of possibly allowing fraudulent transactions or other types of breaches.”
On the home front, keeping your data secure becomes ever more difficult, as we move from buying hobby horses to buying Trojan horses. Once again, the Internet of Things may be making it possible for a Grinch to steal your Christmas in ways you hadn’t considered.
Earlier this year Mattel introduced “Hello Barbie,” a talking version of its iconic Barbie doll. Critics pounced, suggesting it was downright creepy for children to be talking through Barbie to a toy company that wants to sell more toys. As it turns out, the bigger concern may be that folks with other motives might also be listening to those conversations. Computer security researchers just announced that the app used by the toy has flaws that let hackers eavesdrop on communications between it and cloud servers to which it connects. That notice comes on the heels of a November incident in which we learned that someone breached an app store data base from toy manufacturer VTech, uncovering the names, birthdays and genders of more than six million children and apparently getting their photographs as well.
What should a harried holiday shopper do? Security software company McAfee (now Intel Security Group) offers a helpful shopping list of scams and how to avoid them. The FBI checks in with its own warnings and precautions. In the end, it is up to us to pay attention, be cautious, and be good for goodness sake.
By Tom Davis, SDI Cyber Risk Practice
December 15, 2015