Companies can safeguard their businesses from emerging holiday threats. Here’s how

The holiday season is upon us, and many are preparing to celebrate with family and friends both near and far. While we tend to look at consumer tendencies during the holidays, the season also presents a significant challenge to industries coping with the increase in consumer demands. McAfee Enterprise and FireEye recently conducted a survey of IT professionals, in nine countries including the UAE, to better understand their cyber readiness, especially during peak times like the holiday season, and the impact the pandemic has had on their business. Most notably, 90 per cent of organisations in the Emirates are anticipating a moderate-to-substantial increase in demand during the 2021 holiday season. The question is: Are they ready for that demand?

This year, the ‘everything shortage’ is real – from a drop in available workforce to limited supplies to lack of delivery services. This creates an urgency for regional organisations to have actionable security plans and to effectively contain and respond to threats. Supply chain and logistics, e-commerce and retail, and the travel industry traditionally experience holiday seasonal increases in consumer and business activity, making them more vulnerable to cyberthreats and leaving business, employee, and consumer data at risk. Here’s a statistical snapshot of these affected industries and how they can prepare for the anticipated increase in seasonal risks:

Supply Chain and logistics – According to BCI’s Supply Chain Resilience Report 2021, 27.8 per cent of organisations reported more than 20 supply chain disruptions during 2020, up from just 4.8 per cent reporting the same number in 2019. The loss of manufacturing and logistics capacity, and employee-power in 2021 are expected to increase demand for goods, creating the perfect attack vector for cybercriminals: a potentially weak and vulnerable infrastructure to break through. Supply chain managers must identify risks, understand the potential downstream effects of a security breach or cyberattack, and prepare response plans so they can act quickly in the event of an incident.

E-commerce and retail – According to Adobe’s 2021 Digital Economy Index, global online spending is expected to increase by 11 per cent in 2021 to $910bn during the holiday season. With store closures and increases in online shopping, along with limited product availability and concerns about shipping, this industry is faced with more threats than before. According to McAfee Enterprise Covid-19 dashboard, the global retail industry accounts for 5.2 per cent of the total detected cyber threats. Such threats include compromised payment credentials and cloud storage, as well as other forms of retail fraud and theft.

Travel – Cyberthreats aren’t new to the travel industry with airports, airlines, travel sites and ride-sharing apps having been victims in years past. However, what sets this year apart is the travel industry enduring a holding pattern caused by pandemic-related health concerns and travel restrictions. According to the International Air Transport Association (IATA), coronavirus-related loss estimates for 2020 total $137.7bn with total industry losses in 2020-2022 expected to reach $201bn. As demand for holiday travel is expected to increase over the coming months, cyber criminals are watching closely for vulnerabilities as the industry battles new related challenges – labour shortages, supply chain issues, travel bans, and vaccination requirements.

What organisations need to know

McAfee Enterprise and FireEye threat findings unwrap the imminently crucial need for organisations to prioritise and strengthen their cybersecurity architecture through the holidays and end of 2021. Our research indicates that 87 per cent of UAE organisations experienced increased cyberthreats, with 83 per cent experiencing downtime due to a cyber incident during a peak season.

While IT professionals know cyberthreats have intensified, the findings prove that many regional organisations have not effectively prioritised security during Covid-19:

• 34 per cent have had their technology and security budgets reduced
• 57 per cent believe the company can place more emphasis on a plan to prevent cybersecurity issues
• 84 per cent find maintaining a fully staffed security team/SOC even more challenging during peak periods

Proactively guarding against emerging holiday threats

Organisations can be proactive in defending their networks, data, customers, and employees against the anticipated increase in holiday cybercrime by implementing security measures including, but not limited to:

1. Adopt industry-wide cybersecurity requirements designed to protect against the latest iterations of cyberthreats, especially those known to target specific industries
2. Provide cybersecurity awareness training for employees, especially when encountering holiday phishing emails or texts and suspicious URL campaigns designed to breach organisational databases
3. Develop an incident response plan capable of responding and remedying a security breach in minutes rather than hours

Raj Samani, chief scientist at McAfee Enterprise and FireEye (the combined company)

Read: Over 60% of UAE consumers already holiday shopping to avoid supply chain issues