Industry Perspectives Blog

‘Tis The Season for Holiday Cyber Threats Targeting Enterprises in a Pandemic World

The holiday season is upon us, and many are preparing to celebrate with family and friends both near and far. While we tend to look at consumer tendencies during the holidays, the season also presents a significant challenge to industries coping with the increase in consumer demands. McAfee Enterprise and FireEye recently conducted a global survey of IT professionals to better understand their cyber readiness, especially during peak times like the holiday season, and the impact the pandemic has had on their business. Most notably, 86% of organizations are anticipating a moderate-to-substantial increase in demand during the 2021 holiday season. The question is: Are they ready for that demand?

This year, the “everything shortage” is real – from a drop in available workforce to limited supplies to lack of delivery services. This creates an urgency for organizations to have actionable security plans and to effectively contain and respond to threats. Supply chain and logistics, e-commerce and retail, and the travel industry traditionally experience holiday seasonal increases in consumer and business activity, making them more vulnerable to cyber threats and leaving business, employee, and consumer data at risk. Here’s a statistical snapshot of these affected industries and how they can prepare for the anticipated increase in seasonal risks:

Supply Chain and Logistics – According to BCI’s Supply Chain Resilience Report 2021, 27.8% of organizations reported more than 20 supply chain disruptions during 2020, up from just 4.8% reporting the same number in 2019. The loss of manufacturing and logistics capacity, and employee-power in 2021 are expected to increase demand for goods, creating the perfect attack vector for cybercriminals: a potentially weak and vulnerable infrastructure to break through. Supply chain managers must identify risks, understand the potential downstream effects of a security breach or cyberattack, and prepare response plans so they can act quickly in the event of an incident.

E-Commerce and Retail – According to Adobe’s 2021 Digital Economy Index, global online spending is expected to increase by 11% in 2021 to $910 billion during the holiday season. With store closures and increases in online shopping, along with limited product availability and concerns about shipping, this industry is faced with more threats than before. According to McAfee Enterprise COVID-19 dashboard, the global retail industry accounts for 5.2% of the total detected cyber threats. Such threats include compromised payment credentials and cloud storage, as well as other forms of retail fraud and theft.

Travel – Cyber threats aren’t new to the travel industry with airports, airlines, travel sites and ride-sharing apps having been victims in years past. However, what sets this year apart is the travel industry enduring a holding pattern caused by pandemic-related health concerns and travel restrictions. According to the International Air Transport Association (IATA), coronavirus-related loss estimates for 2020 total $137.7 billion—with total industry losses in 2020-2022 expected to reach $201 billion. As demand for holiday travel is expected to increase over the coming months, cyber criminals are watching closely for vulnerabilities as the industry battles new related challenges – labor shortages, supply chain issues, travel bans, and vaccination requirements.

What Organizations Need to Know
McAfee Enterprise and FireEye threat findings unwrap the imminently crucial need for organizations to prioritize and strengthen their cybersecurity architecture through the holidays and end of 2021. Our research indicates that 81% of global organizations experienced increased cyber threats and 79% experienced downtime in the wake of previous cyberattacks.

While IT professionals know cyber threats have intensified, the findings prove that many organizations have not effectively prioritized security during COVID-19:

  • 94% percent of IT professionals want their organization to improve its overall cyber readiness
  • 60% saw an increase in online/web activity
  • 33% have had their technology and security budgets reduced
  • 56% have suffered from downtime due to a cyber concern, costing some over $100,000 USD
  • 76% find maintaining a fully staffed security team/SOC even more challenging during peak periods

Proactively Guarding Against Emerging Holiday Threats
Organizations can be proactive in defending their networks, data, customers, and employees against the anticipated increase in holiday cybercrime by implementing security measures including, but not limited to:

  1. Adopt industry-wide cybersecurity requirements designed to protect against the latest iterations of cyber threats, especially those known to target specific industries.
  2. Provide cybersecurity awareness training for employees, especially when encountering holiday phishing emails or texts and suspicious URL campaigns designed to breach organizational databases.
  3. Develop an incident response plan capable of responding and remedying a security breach in minutes rather than hours.

In addition, enterprises and commercial businesses can implement cloud-delivered security with MVISION Unified Cloud Edge (UCE) and FireEye Extended Detection and Response (XDR).

Note: The research was conducted between September- October 2021 by MSI-ACI via an online questionnaire to 1,451 IT Security Professionals from nine countries.