Black Friday weekend is traditionally one of the biggest of the year for online sales, but those sales depend on retailers’ ability to maintain their e-commerce sites and fend off threats from cybercriminals.
The stakes are undoubtedly high for retailers, as well as all kinds of businesses, and so are the risks. Cybercriminals know that many IT security professionals will be at home eating turkey instead of keeping an eye out for attackers online over the long weekend, making this a good time for them to launch an attack.
That’s why the Cybersecurity and Infrastructure Security Agency on Wednesday reminded businesses, especially those involving critical infrastructure, to be on their toes, reiterating guidance it issued last year.
The message isn’t lost on Jon Hocut, information security manager at Brooks Running, who plans to stay by his laptop all weekend. He is responsible for protecting the personal information of runners who purchase his company’s products, as well as protecting all of Brooks’ business systems from online attackers.
In terms of sales, the “cyber five” stretch, including Black Friday and Cyber Monday, is a huge sales event for the century-old company known for its running shoes and apparel. Its e-commerce team expects traffic to the company’s retail site to jump 30% to 50% during these peak days.
If the site goes down over the weekend, it could mean millions in lost sales and a host of disappointed runners, but the Seattle, Wash.-based company has more to worry about than that. Its computer systems also contain “shoe secrets” that must be kept confidential, as well as the software that sends and tracks shipments to retailers.
The ransomware problem
The “worst nightmare” for many companies, Hocut said, would be a targeted ransomware attack, likely involving a Russian criminal gang of cyber experts, that would stealthily infiltrate a company’s systems and then sneak through them undetected.
Attackers would determine which systems are most critical, then find and compromise backed-up company data. Everything would seem to be fine until around midnight on Thanksgiving Day, when the company’s incident response team is home stuffed with turkey and nearly asleep, he said.
“That’s when they start hitting all of your systems and destroying them,” Hocut said. “When you are least able to respond.
“It’s the nightmare, and that’s what we have to prevent from happening.”
Ransomware really is a nightmare. The attacks, which have locked down entire computer systems in businesses, schools, hospitals and elsewhere, are becoming more frequent, more effective and more costly.
According to Sophos’s State of Ransomware report earlier this year, 66% of organizations surveyed said they were, up from 37% in 2020. And 6% of those attacks succeeded in encrypting their victims’ data, up from 54% the previous year. On top of that, the average ransom paid by organizations for their largest ransomware attack increased almost fivefold, to just over $800,000, while the number of organizations that paid ransoms of $1 million or more has tripled.
A big part of prevention is making sure systems are locked down and there are enough people to respond if something happens over the holiday weekend, Hocut said. At Brooks, the entire incident response team will be available 24/7 over the holiday weekend.
The company also recently hired cybersecurity firm Illumio to help bolster its defenses. The idea is to segment Brooks’ systems so damage is limited if a system is breached, said PJ Kirner, co-founder and chief technology officer of Illumio.
Kirner compared the company’s systems to the structure of a submarine, noting that submarines are built in compartments, so if any part of a submarine is punctured, that part can be sealed off to keep the submarine from sinking. If a company can detect a breach quickly and prevent attackers from moving through its systems, it can also limit the damage, he said.
The idea is not new. Companies’ failure to isolate their most valuable data has long been blamed for some of the most massive data breaches in history. But segmenting massive computer systems is easier said than done, Kirner said.
That’s especially true for Brooks, Hocut said. The century-old brand, a subsidiary of Berkshire Hathaway, has experienced significant growth in recent years. In 2021, its revenue totaled $1.11 billion, marking its first year above the $1 billion mark.
The threats businesses face have also changed, Kirner said. While the thought of a massive data breach might have kept security professionals awake at night just a few years ago, the main threat now is the type of ransomware attack described by Hocut.
“If you look at the attacks from maybe five years ago, they were about data privacy issues,” Kirner said. “You have the client list, you have emails, you have credit cards. They were about a breach of confidentiality.”
Ransomware, by comparison, is about the operations of a business.
“Why are we talking about retail now? Because Thanksgiving is the most impactful operational day of the year,” he said, adding that customer data is just as valuable to cybercriminals every other day of the year.
It is these operational threats that will keep Hocut and his team in “maximum paranoia mode” at least until the end of the weekend. They will look closely at any alerts that pop up and be very grateful and happy when they turn out to be false positives, he said.
Other IT professionals may not be so lucky.
“I expect 90% of my friends who specialize in incident response will probably be working on someone’s painful experience this holiday weekend,” Hocut said.