A DIGITAL security company has warned that 2015 is likely to become the biggest “Cybercriminal Christmas” so far, and it has told UK retailers that they need to be prepared for an increased level of attacks.
The study by ThreatMetrix – which analyses more than a billion transactions worldwide every month – showed that over the past three months the company detected 45 million attacks specifically aimed at online retailers, up by 25 per cent on the previous quarter. This is an indication that the run-up to the festive period is likely to see more attacks on online businesses than ever before.
Black Friday (November 27) and Cyber Monday (November 30) are two of the major pre-Christmas shopping days and are expected to become a particular target for online criminals.
Analysts at the UK’s online retail association IMRG predict that Black Friday will be the first £1 billion shopping day in the UK, with consumers spending £12,384 every second. Last year’s Black Friday sales topped £810 million.
And the pressure on retailers is likely to continue up to the January sales.
The Scottish Business Resilience Centre, which is aiming to create a secure environment for business, said news of the expected increase was not surprising.
Its director, Mandy Haeburn-Little, said: “In the busy digital period in the run-up to Christmas, the threat is not just to businesses involved in e-commerce, but to all that hold personal information which, in turn, heightens the level of risk to the consumer.
“The key message is that Scottish businesses of all sizes can no longer ignore the risk posed by cyber criminals and need to engage in pre-emptive measures to protect their operations – and indeed the security of consumers.
“The upcoming launch of Scotland’s long-awaited cyber strategy will offer real potential to see further public-private collaboration to tackle this huge threat.”
Last year ThreatMetrix reported 11.4 million fraudulent transaction attempts during the peak holiday shopping period. This year it expects that to double, through the continuing growth of mobile and online shopping, and following numerous security breaches. UK businesses could potentially stand to lose millions.
Vanita Pandey, a senior director of ThreatMetrix, said: “Generally, the third quarter is a slower time for businesses as consumers anticipate spending money during the Christmas and new year shopping season, but this year it yielded record numbers in attack attempts.
“The ultimate victims are the consumers whose digital identities are increasingly compromised with each subsequent breach.”
She added: “Cybercriminals don’t sleep when it comes to attacks – the majority of the attempts we saw were in the e-commerce space and retailers must stay on their toes when it comes to protecting digital identities during what is sure to be the largest digital season to date for online and mobile transactions.”
Using real-time analysis of fraudulent activity, ThreatMetrix found that 78 per cent of transactions were account logins, with five per cent described as high risk; 21 per cent were payments (3.2 per cent high risk); and one per cent were account creations (seven per cent high risk).
To attempt to defeat anti-fraud measures, cybercriminals are using bots (robot programs that can search for information) and botnets (a network of such programs).
Pandey said: “Botnets are the new data breach threat, as opposed to advanced persistent threats (APT), which attack the network from the inside out; botnet breaches are targeting the outside-in via digital identities.”
The use of mobile devices for shopping has also risen sharply – by more than half from the same period last year – and the trend is expected to continue.
“The main concern we stress with our society’s mobile-dependence is being aware of your online persona – how much information you share online and where you share it – as seemingly unrelated data can provide very important insight into a person’s digital identity,” Pandey said.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here