It’s All About Balance

Life is all about balance.

Calories in. Calories out.

Chocolate. Vegetables.

Jumping out of airplanes. Sitting on the couch.

As organizations, we strive to maintain optimum efficiency in our networks while, at the same time, striving to maintain security and privacy for ourselves and our users and clients.

Again, balance.

This holds particularly true for retail organizations and consumers around the holidays, as cyber criminals attempt to gather consumer data and exploit potential security flaws in retailer websites. Cyber criminals can take further advantage by capitalizing on the annual sense of urgency this season elicits – to get the shopping done while grabbing that perfect 70% off clearance sale – without consumers necessarily giving a second thought to whom their personal information is going.

As the holidays approach, GTIC researchers took a peek into several topics relevant to consumers’ and organizations’ worries – analysing MSS data from retail-specific organizations and shedding light on the most popular cyberattacks targeting the industry – and its consumers – during the month leading up to the holiday season.

NTT Ltd. researchers also took a look both at the evolution of the brute force attack – specifically against passwords – and at the current threat facing the retail industry from these types of attacks.

In the retail industry, brute force and web application attacks accounted for over 72% of all attack activity. To make matters worse, AI-enhanced brute forcing tools continue to proliferate and can be leveraged in tandem with current password-guessing tools, making it even harder for users to maintain passwords strong enough to withstand these tools.

More worrisome is that this type of activity may be laying the groundwork for future attacks in the coming months by testing the resiliency of websites – and the safety of user credentials.

Another primary concern in retail – for consumers especially – is keeping information private and secure; quite understandable given that over 80% of the malware observed by NTT Ltd. researchers consisted of information stealer or key logger variants.

That said, keep in mind that malware does not exist in a bubble. If your network has been infected with one type of malware, it likely indicates that security measures are lacking in one or more places, leaving the network open to other malware. Recent NTT Ltd. data suggests that one popular ransomware variant has been observed riding the coattails of another popular malware.

So, not only is private information potentially at risk, but the combination of all of these factors increases the chance of daily operations being severely interrupted if backups are not readily available.

Hopefully, these points drive home the fact that privacy is of the utmost importance to organizations and consumers alike. But while the onus seems to fall on organizations responsible for the security of their clients’ data – and even as governmental entities like the European Union are pushing for new privacy regulations – consumers need to take responsibility for their own information as well.

As in almost everything in life, it boils down to balance.

Download the November Monthly Report here.