• About
  • Subscribe
  • Contact
Thursday, June 5, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Resources Blogs

Holiday havoc: Surge in cyber threats threatens festive season joy

Reuben Koh by Reuben Koh
December 4, 2023
Holiday havoc: Surge in cyber threats threatens festive season joy

Photo by cottonbro studio from Pexels: https://www.pexels.com/photo/person-holding-android-smartphone-3171000/

Share on FacebookShare on Twitter

At the end-of-year holiday season, with major sales events and digital events, we’ll start to see a higher frequency of security threats. It’s the time of year when the highest amount of money changes hands, whether in the digital or physical realm.

According to the Entering through the Gift Shop: Attacks on Commerce report, globally, retail remains the most targeted sub-vertical within commerce, accounting for 62% of attacks on the sector. Meanwhile, the latest Singapore Cyber Landscape report by the Cyber Security Agency of Singapore (CSA) revealed that the number of ransomware cases remained high at 132 in 2022, primarily affecting SMEs in manufacturing and retail. To help local retail firms strengthen their defences against cyberattacks, a refreshed retail industry digital plan will provide about 23,000 retail enterprises measures to identify appropriate tools and practices, and to safeguard their customers’ data.

Payment and financial information are heavily used across many different platforms and application programming interfaces (APIs) to facilitate transactions. According to CSA, 99% of Singapore’s government services transactions are conducted digitally, facilitated by Singpass, which enables over 5 million Singapore residents to transact with more than 2,700 services. This sudden spike in data that's moving from place to place, across the internet and the wire, makes it a very rich target for cybercriminals to profit from.

With consumers looking to make more online purchases, tempted by mega sales days like 11.11 and 12.12, holiday campaigns and special deals before Singapore increases the Goods and Services Tax in 2024, here are some of the key threats that businesses and individuals need to be aware of:

  • Web application and API attacks: e-commerce and payment platforms face a significant risk from hackers trying to exploit vulnerabilities in the software that powers these platforms, especially during major sales campaigns.
  • DDoS attacks: as customers rush to make purchases, there's a heightened risk of denial-of-service attacks (DDoS). If a DDoS makes your website inaccessible, there’s a direct revenue impact at the exact time when sales should be highest.
  • Malicious bots: these bots are designed to carry out large-scale attacks, such as taking over consumer accounts during peak shopping times, leading to fraudulent activities.
  • Web skimming attacks: attacks like Magecart have become more prevalent during the holiday seasons. These are akin to ATM skimming but are executed digitally, stealing sensitive credit card and payment information. This captured data is then used to commit financial fraud.
Related:  Cybersecurity crisis: The hidden costs to patient care

It’s not just retailers who are at risk

Making a digital purchase is not just about logging in and paying. Behind e-commerce platforms are multiple different processes involving many different parties. Cybercriminals don’t need to attack the end merchant but can go after other parts of the supply chain.

Product suppliers: as orders increase, suppliers become part of a larger supply chain, making them vulnerable. Orders are sent and payments are processed, all of which are potential points for cyber-attacks.

Financial service providers: FinTechs, payment processors, e-wallet providers and banks are all involved in transaction processes. Whenever financial data is transferred from one point to another, it’s susceptible to data breaches and exposure.

Logistics providers: they possess customer data essential for delivery, such as names, addresses and phone numbers, making them attractive targets for cybercriminals aiming to harvest data for further attacks like phishing.

Businesses must be prepared for a cyber-crime spike

Businesses should anticipate a surge in attacks during the festive season. It's vital to evaluate whether they have adequate protection against these threats. Do they have the right tools that can scale to defend against a large volume of attacks?

The four risks outlined above are all specialised attacks which general security tools, such as antivirus and firewalls, won’t protect against.

Retailers need to continuously assess and reassess their security posture, and what specialised tools they have to protect themselves and their customers from malicious bots, web skimming attacks or data scraping. It’s important to be aware of risk exposure and what exact services are being provided. Is it just a website or is there also an app or APIs?

Related:  Tenable enhances AI-driven exposure management with unified dashboards

With the increasing sophistication of phishing attempts, businesses and retailers also need to enhance consumer awareness campaigns and provide mechanisms for customers to verify the authenticity of communications and transactions.

Consumers need to understand that if they see a deal on email or social media that’s too good to be true, it very often is. The problem is that attackers capitalise on end-of-year sales when many retailers are offering discounts and sending many more marketing emails and SMS messages.

Cybercriminals can easily impersonate these brands, with Generative AI making phishing and social engineering attempts appear more authentic. How can consumers be certain which interactions are legitimate? Although currently rare, likely, deep fake videos will increasingly be used to influence consumers to download malware or make fraudulent transactions. These emergent threats are at the nascent stage, but we need to build defences and raise awareness

Tags: Akamaicyber riskscyber threats
Reuben Koh

Reuben Koh

Reuben Koh is a Director of Security Technology & Strategy at Akamai Technologies where he provides deep thought leadership and advisory in helping clients align security strategies with their core business initiatives and digital transformation processes. He also works with Fortune 1000 enterprises and business partners across Asia Pacific & Japan in providing cybersecurity guidance and expertise, especially in domains such as Web Security, Zero Trust, SASE, XDR, network security and Security Operations. With close to 20 years of experience in cyber security, Koh previously held prominent leadership roles with industry leaders such as Symantec, CA Technologies, VMware and Cisco Systems. Koh also holds various industry certifications such as CISSP, CISA, CISM and ITIL.

No Result
View All Result

Recent Posts

  • Platform to enhance software development security
  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl