For those of us living in the US, this week is when we observe Thanksgiving Day. That is followed by what’s known as “Black Friday,” which is the biggest shopping day of the year for retailers. What does that mean? Other than chaos in the shopping malls and ridiculous traffic, it means lots of credit card transactions, which will certainly make the “cyber criminals” salivate.
That got me thinking: If I were a bad guy, what are 5 things I’d be thankful for this week?
- People drop their guard for a good deal. There is some visceral response when people think they are getting a good deal – a lot of their normal caution and discretion goes out the window. For someone looking to gain access to your money or credit card information, this means it will be a lot easier to get if they make it sound like a great deal. Don’t let your guard down – be careful where you shop, question any “too good to be true” offer, don’t click on suspicious links, and make sure you take due care with your wallet.
- People are looking for good deals. Item 1 becomes even more interesting this time of year, because consumers are not only open to seemingly good deals, they are actively searching for them. When people’s filters are relaxed, it’s easier to take advantage of them. Be on your guard.
- Some of my targets just got a lot more interesting. With all the commerce going on this week, retailers and online merchants are collecting lots of money, which means they are also capturing a lot of credit card data. That means that all of these “targets” just got a lot more lucrative. It’s kind of like the old Western movies where the bad guys want to rob a train because it’s being used to transport a chest full of money for payroll.
- It’s easy to hide in a crowd. Another benefit of the huge volume of commerce happening this week is that it generates a lot of transactions. Any time there is a lot going on, it is easier to “blend in” and do bad things without people noticing. This is why pickpockets are more successful in large crowds. The same applies to cybercriminals. Where there is a huge volume of transactions, there is also an increase in the number of security log events to sift through. As a bad guy, that means you might be able to slip through unnoticed.
- Lots of the people collecting credit card data aren’t securing it very well. History (and the Verizon Data Breach Investigations Report) will tell us that a large percentage of people storing credit card data and personally identifiable information aren’t covering the basics very well. Their system configurations are not secure; they are ineffective at monitoring and “catching the bad guys in the act.” The bigger targets attract the most sophisticated bad guys, and the bigger targets can be just as sloppy with security as smaller organizations. This is why it’s so important to have a well-understood set of security hardening standards, and to actually use them to harden your infrastructure.
So what do you say? This week (or any week for that matter) let’s be alert, harden our systems, and avoid giving the bad guys something to be thankful for.