Businesses need to brace for cyber threats ahead of holiday season

Newly released research on online security has revealed that over half (51%) of Australian businesses and organisations have suffered from downtime due to a cyber concern in the last 18 months, with 82% of those incidents happening during peak season.

Released this week by McAfee Enterprise and FireEye, the Cybercrime in a Pandemic World: The Impact of COVID-19 findings revealed that 83% of Australian IT professionals find maintaining a fully staffed security team even more challenging during peak periods.

Explaining the imminent need for organisations to prioritise and strengthen their cybersecurity architecture, the findings indicated during the pandemic 81% of global organisations experienced increased cyber threats, with 79% experiencing downtime due to a cyber incident during a peak season.

In the lead up the holiday season, supply chain and logistics, ecommerce, retail, and leisure industries see predictable increases in consumer and business activity, making them more vulnerable to cyber threats and leaving businesses, employees and consumers’ data at risk.  

Bryan Palma, Chief Executive of the newly combined McAfee Enterprise and FireEye, advised “it is imperative that all business of scale evaluate and prioritise security technology to keep them protected, especially during peak seasons like the holidays.

“Traditional approaches are no longer enough - 94% want their organisation to improve its overall cyber readiness - and businesses need an integrated security architecture and an always on approach to prevent, protect and react to the threats of today.”

Heighted Focus on Key Industries 
In addition to increased consumer spending, the holiday season sees a significant impact on industries coping with the increase in consumer demands. 87% of IT professionals are anticipating a moderate to substantial increase in demand during the 2021 holiday season. This year, the ‘everything shortage’ is real - from a shortage in workforce to limited supplies to lack of services to deliver goods. This creates an urgency for organisations to have actionable security plans and to effectively contain and respond to threats. 

Supply Chain and Logistics 
According to BCI’s Supply Chain Resilience Report 2021, 27.8% of organisations reported more than 20 supply chain disruptions during 2020, up from just 4.8% reporting the same number in 2019. The loss of manufacturing and logistics capacity and employee-power, paired with increasing demand for goods, has created the perfect attack vector for cybercriminals: a potentially weak and vulnerable infrastructure to break through. Supply chain managers must identify risks, understand the potential downstream effects of a security breach or cyberattack, and prepare response plans so that they can act quickly in the event of an incident. 

Ecommerce and Retail 
Australia’s largest peak body for retail, the Australian Retailers Association (ARA) and Roy Morgan forecast that in the lead up to Christmas, the nation’s overall spending will come in at $58.8 billion, virtually unchanged on last year, but up 11.3 per cent on Christmas 2019. 

Despite bricks and mortar stores reopening across the nation as lockdowns ease, Australia Post reports eCommerce is up 23.4% from August 2020 and is set to continue throughout the holiday period, making them a bigger target for cyber criminals. According to McAfee Enterprise COVID-19 dashboard, the global retail industry accounts for 5.2% of the total detected cyberthreats. Such threats include compromised payment credentials and cloud storage, as well as other forms of retail fraud and theft. 

Leisure and Tourism
Cyber threats aren’t new to the travel industry - airports, airlines, travel sites and ride sharing apps have been victims in years past. However, this industry has been in a holding pattern because of travel restrictions. According to Austrade, Australia’s tourism industry was valued at $81 billion in 2020-2021, down 41 percent compared to 2019. As the demand for holiday travel will increase over the coming months, the reality is that cyber criminals are following the trends of limited flight options due to labour shortages, supply chain issues, new travel bans and vaccination requirements and profiting from vulnerabilities as much as they can. 

What Organisations Need to Know 
While IT professionals know cyber threats have intensified, the findings prove that organisations have not effectively prioritised security during COVID: 

• 51% of Australian organisations have suffered from downtime due to a cyber concern, costing some over AUD$130,000 
• 83% find maintaining a fully staffed security team/SOC even more challenging during peak periods 
• 64% of IT security professionals expect half or more of their organisations’ workforce to be remote in some capacity 

Addressing Emerging Threats 
There are ways for organisations to be proactive and actionable against cybercrime, such as implementing security measures and industry-wide cybersecurity requirements and providing cybersecurity awareness training for employees. In addition, enterprises and commercial business can utilise the state-of-the-art local and global telemetry in MVISION Insights, to determine who and what is attacking their specific industry and determine the actions they can take ahead of time to optimise defences against the threat or campaign. 

Cybercrime in a Pandemic World: The Impact of COVID-19 Survey Methodology 
McAfee commissioned a global independent market research specialist MSI-ACI to undertake the research for this study. Between September and October 2021, the quantitative study was carried out, interviewing 1,451 IT and line of business decision makers. Respondents came from Australia, India, Singapore, the United Arab Emirates, France, Germany, South Africa, the UK and the USA.

Respondents had to be an IT business professional, involved in IT security and work for an organisation with more than 500 employees.

Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.