Adrian Johnson
TLDR:
– Adversaries often exploit vulnerabilities in businesses during the Lunar New Year holidays, which are marked by fluctuations in staffing and business operations
– Retailers’ increased digital presence has opened new avenues for cybercriminals, making them attractive targets due to limited resources and minimal cyber security expertise
The Lunar New Year holidays, a time of increased consumer spending and online shopping, also bring increased vulnerabilities for retailers. The retail sector is particularly susceptible to cyber attacks during this period, with attacks ranging from payment-system attacks to data theft becoming more common. Retailers often have limited resources and minimal cyber security expertise, making them attractive targets for cybercriminals. As cyber attacks can result in severe consequences such as regulatory penalties, reputational damage, and operational risk
Retailers and businesses can take various steps to protect themselves during the Lunar New Year holidays and throughout the year:
1. Prioritizing identity protection: Retailers should train their staff not to share credentials in support calls, emails, or tickets. They should also avoid making IT contact details public on their websites, as this can aid adversaries in their impersonation efforts. During department shutdowns and IT changes, it is advisable to keep the details private and refrain from posting them on social channels. Additionally, using a VPN when carrying out business functions in another destination can help protect against unsecured public Wi-Fi networks.
2. Ensuring protection for cloud infrastructure: The increased use of cloud infrastructure among retail businesses has resulted in bigger digital footprints which can be targeted by cybercriminals. Mapping out assets and identifying areas of exposure can help organizations proactively address security gaps. Businesses should also refrain from using the mega sync function for data exfiltration and uploading large amounts of data into the cloud to minimize the impact of cloud breaches.
3. Getting to know the enemy: Organizations should be vigilant for attacks mimicking their business, particularly during busy periods like the Lunar New Year holidays. Leveraging threat intelligence can help organizations understand the nature of cyber risks and identify potential adversaries. Conducting tabletop exercises, raising awareness, and providing cybersecurity training to employees are also important steps in strengthening defenses.
4. Adopting modern security solutions: Organizations should prioritize cybersecurity throughout the year, not just during holiday periods. Adopting modern security solutions and maintaining a “security first” mentality can help keep businesses protected from evolving cyber threats. Vigilance and regular cybersecurity training can eventually become second nature to employees, helping to safeguard businesses on an ongoing basis.
In conclusion, retailers and businesses should take proactive steps to protect themselves from cyber attacks during the Lunar New Year holidays and beyond. By prioritizing identity protection, ensuring cloud infrastructure security, and staying informed about potential adversaries, businesses can minimize their vulnerabilities and have peace of mind during this busy period.
