Cybercriminals see holidays as season of stealing

Tech Page One by Nick Clunn

Shopping online from the office places the corporate network at risk. Credit: Kostenko Maxim

The season of giving is also primetime for cybercriminals to do a lot of taking. Enterprise security managers know this all too well as the number of suspicious activity reports increase this time of year as attacks seek to gain access to the network.
Attacks increase during the holidays as millions of Americans take to the Internet to find and buy the perfect gifts. It’s a concern for IT because many of us do at least some online shopping from the office, or use devices tied to corporate networks to do it. In fact, a Salesforce.com survey found last year that half of all workers queried expected to spend some time shopping online while at work, Scott Grebe, a Dell security specialist, said during a webinar last week.
Even more money is expected to be spent online this year. Some forecasts predict an online spending increase of 15 percent, which sounds about right when you consider that shoppers last year spent a combined $1.5 billion on Cyber Monday, up 17 percent from the year prior, Grebe said.

Phishing and malvertising 

Some cybercriminals exploit unsuspecting workers by phishing, or sending phony email messages, to enter corporate systems. Simply clicking on a link in one of these emails could set off a chain reaction that can make a network vulnerable.
Another common means of entry is malvertising, which works the same way, but what gets clicked is an online ad that is often hard to identify as being malicious as many malvertisments appear on legitimate websites. The New York Times was attacked this way several years ago.
Complicating matters further is the growing prevalence of bring-your-own-device programs, mobile retail and opinions among employees that they should be able to use their personal devices for shopping — even when they’re connected to the corporate network.
“There’s a great propensity now for consumers to purchase, review and look up products online from a mobile device,” Grebe said.

Protective measures

But companies can take five steps to reduce the chance of an attack penetrating the network, said Grebe. They are: 

1. Educate employees how to recognize suspicious email.
2. Establish strong policies for passwords.
3. Apply updates and patches promptly and reliably.
4. Add IPS and anti-malware.
5. Use content filtering and application control

Author information

Nick Clunn

Contributor at Tech Page One

Nick Clunn is a journalist covering the tech beat and an adjunct professor at Montclair State University. He lives in New Jersey, where he had worked as a staff writer for several leading daily newspapers and websites.

TwitterGoogle+

The post Cybercriminals see holidays as season of stealing appeared first on Tech Page One.