Why Are SMBs a Target on Cyber Monday?
Cyber Monday is the one of the biggest shopping days of the year. In 2017, the National Retail Federation reported that 81 million Americans participated in Cyber Monday, and that number is estimated to grow in 2018. Why is it important to understand how many people will shop online during the holidays? It proves that the vast majority of American shoppers could be exposed to cyber threats.
Cyber Monday has become the shopping day of choice for many people who would prefer to make their purchases online rather than in a store. Companies need to take note of this shift in shopping preferences, since many employees can and will make their purchases at work, using the company’s network, and possibly using a company-owned device. Unfortunately, many SMBs assume that their business is not at risk for a cyberattack, but more than 70% of attacks actually target small businesses. Cyber criminals know that SMBs do not have the proper security measures in place, and take advantage of the high traffic of online transactions taking place on Cyber Monday. On Cyber Monday in 2017, there was a 301% increase in mobile apps attacks and a 36% increase in desktop attacks, according to Kount.
Attacks of the past
In November 2013, Target experienced a serious data breach that affected more than 41 million customers, and ultimately cost Target $18.5 million. The breaches began right before the holiday shopping season and infected Target’s system with malware that was able to extract customers payment information. How did the cyber criminals gain access to Target’s database? Through a third-party SMB vendor who didn’t have the proper security measures in place. Not only did this breach cost Target millions in customer damages, but it also cost the third-party vendor its reputation. The costs of a cyberattack are not always monetary, especially for a SMB.
Cybercriminals have become increasingly more sophisticated with their attacks, and it is almost impossible to ever be fully protected from a cyberattack. However, educating employees on the dangers of a cyberattack and implementing security awareness training can significantly reduce risk. Training for new employees during onboarding is a key first step, and implementing refresher courses around the holiday season is highly recommended.
Learn more about spear phishing attacks and how your employees can protect their emails. Or, download our eBook, What Makes a Good Cybersecurity Defense for a Modern SMB?