Black Friday is fertile phishing ground for cybercriminals, with the usual dubious email scams, as well as rogue advertisements and “offers” spread through social media to glean personal data from thrifty consumers.
The U.K.’s National Cyber Security Centre (NCSC), which constitutes part of the country’s Government Communications Headquarters (GCHQ) intelligence agency, has issued its first-ever official Black Friday cyberthreat warning and will be taking to Twitter today to answer cybersecurity questions from the public.
“Cybercriminals have a field day at this time of year because they know your guard is a little lower as you rush to bag the bargains,” NCSC noted in a blog post. “Your inbox is probably full of promotional emails promising the most incredible deals. And when this is the norm, it becomes hard to differentiate real bargains from the dodgy ones.”
And as retailers face a surge of consumer traffic, there could even be a higher risk of spurious activity slipping through their cyber blockades. For example, rogue hacker group Magecart has previously wreaked havoc at several major companies, including Ticketmaster and British Airways, by skimming customers’ personal payment information at the online checkout.
With Black Friday now in full swing — and also prevalent in countries that don’t even celebrate Thanksgiving — now is as good a time as any to talk about the state of cybersecurity.
The global cybersecurity market is expected to grow 12 percent to $114 billion in 2018 and to rise another 9 percent next year to around $124 billion, according to a recent Gartner report. And although consumers are often a major target for cybercriminals, attacks against businesses are particularly on the rise.
A recent Malwarebytes report found that detection of cybercriminal activity targeting businesses grew by 55 percent in Q3 compared to the previous quarter, while in the consumer realm the figure jumped by 4 percent.
The spread of mobile and internet of things devices across both the consumer and corporate realms will only increase the surface area through which hackers can gain entry to systems and private data hubs. The cybersecurity industry is trying to keep up, but it’s not an easy thing to scale when there is a shortage of technical talent — there will reportedly be a cybersecurity workforce shortfall of nearly 2 million people by 2022.
Job postings site Indeed recently found that cybersecurity listings have grown by 3.5 percent in the past year alone, and as companies increasingly recognize the need to take their digital security seriously, the demand for cybersecurity expertise will only grow.
Verizon released its first Mobile Security Index report back in February, and some of the findings were startling. The survey, which was based on feedback from 600 mobility professionals in the U.S. and the U.K., found that around one-third of organizations have “knowingly sacrificed security for expediency or business performance,” according to Thomas T.J. Fox, senior vice president for Verizon’s wireless business group.
“Think about that,” he said. “One in three organizations that we work with, buy from, turn to for health care, and that govern the communities in which we live, have put speed and profit before the safety of their data — and our data. And that’s just the ones that are aware and willing to admit it. The number could be significantly higher.”
While some companies may not be taking cybersecurity as seriously as they should, it’s clear that many are — judging by the level of resources being thrown at the problem.
Last week, for example, BlackBerry announced it was buying AI-infused cybersecurity startup Cylance for $1.4 billion, which was just the latest in a long line of major acquisitions and investments in the cybersecurity industry.
San Francisco-based Valimail raised $25 million this year to further develop its automated platform that helps companies such as Uber and Yelp establish the authenticity of emails, thus preventing fraudsters from pulling off targeted phishing attacks. Agari raised $40 million for a similar AI-powered solution, while PhishMe — which also provides tools to help employees recognize malicious phishing emails — was bought for $400 million by a private equity consortium.
Elsewhere, Cisco bought two-factor authentication (2FA) specialists Duo Security for $2.35 billion; publicly traded network security company Barracuda went private as part of a $1.6 billion acquisition; AT&T acquired threat intelligence company AlienVault; Symantec snapped up Appthority and Javelin Networks to boost its mobile and enterprise security offerings; Splunk bought security automation and orchestration platform Phantom for $350 million; and CrowdStrike, a company using AI for endpoint protection and threat intelligence, raised $200 million at a $3 billion valuation. And the list runs much longer, with Israel alone claiming more than 150 cybersecurity startups, of which at least 16 have raised more than $50 million.
It’s clear that AI will play a big part in helping companies scale their cybersecurity offerings, but the battle to secure the necessary technical talent will continue to spur major acquisitions in the space. Indeed, as one analyst wrote in Computer Business Review (CBR): “A profound shortage of strategic acquisition targets and rapid technological evolution has one clear side effect: a fertile, and increasingly expensive, M&A market.”
Whether Black Friday really does increase the risks around cyber-chicanery or not, one thing is clear. No one is immune to cybersecurity concerns — from online shoppers to customer support reps answering their emails.