Nov 29, 2021
Black Friday, Cyber Monday, and the next five days of Cyber Week are heaven-sent for production and consumers worldwide but can be a nightmare for operations and security.
What Is Black Friday and Cyber Monday?
Initially, Black Friday and Cyber Monday were supposed to be complimentary. While Black Friday originated as a brick-and-mortar sales event the day after Thanksgiving (with many enterprises offering as a paid holiday), Cyber Monday was coined by the National Retail Federation (NRF) in 2005 as its online counterpart. However, the actual duration of the sales is the five days running from Black Friday until the end of the next week, known as the “Cyber 5” or “Cyber Week”. According to ABC News [1], small retailers enjoyed increased sales up to 211% and large retailers with up to 403% on the Saturdays during the “Cyber Week”.
How Black Friday and Cyber Monday Affects the Retail & Manufacturing Sector?
Consumers see online channels as far more secure, safe, convenient, and valuable. No more standing in long lines nor enduring traffic during sales, but through the comfort of their homes and a click of a button. In the U.S. alone, Adobe Analytics discovered that shoppers in 2020 had spent $9 billion on Black Friday and $10.8 billion on Cyber Monday, with the latter’s spending, increased to15.1% compared to the previous year [2]. With the pandemic and the industrial revolution, many manufacturers have either absorbed marketing and sales as part of their operations or removed third-party vendors by building their online stores. So that customers anywhere in the world can buy and get support for their products directly from them. With demands increasing, production quadruples. While this may sound like a marketing and sales issue, manufacturers should realize that along with the demands comes the risks. There are no better opportunities for malicious attacks to hide if not during the busiest times for operations.
What Are the Security Risks?
Many security-aware enterprises are concerned about the vulnerabilities often exploited by cyber criminals during these prime days, targeting unsuspecting victims, either their customers, employees, or both. Post-pandemic.
Ransomware
According to Verizon’s “2021 Data Breach Investigations Report” [7], ransomware tops as the number 1 most reported security incident for manufacturing, pushing down Phishing and DoS. In Digital Journal’s article [3], Tom Callahan, Director of Operations, MDR at PDI Software, stated that cybersecurity should not be overlooked. He further said that, “If a business gets breached and decides not to pay the ransom to get their data back, cybercriminals are now using that data to extort not only the business but the customers and partners of that business as well. As a result, the blast radius of a cyberattack can escalate very quickly across a wide footprint. That has the potential to disrupt the retail supply chain completely.” His concern was echoed by the CTO of StorCentric, Surya Varanasi, who stated in TechHQ’s piece [4], “While there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue and personal identifiable information (PII) to protect, as well as the deepest pockets to pay.” He also added in the article that one of the most common cybercriminal strategies of today is to attack the backup first and then go after the production and operations. This will leave the company at the mercy of the attackers and have no choice except to adhere to the ransomware demands.
Phishing
In a 2018 Information Age’s article [5], Haroon Malik, then-Director of Cyber Security Consulting, Fujitsu, UK, stated that “Phishing attacks increase by as much as 336% around Black Friday.” Fast forward to the year 2021, while we can see it no longer reign the top spot for the most common manufacturing security incidents, phishing remains an important security threat that should not be overlooked, if the consistency of this attack is in the top ten for years can vouch. In Verizon’s 2021 report itself, phishing occurred almost 20% of the total incidents recorded, and being 75% of the social form of attack targeting the weakest link reported for manufacturing. It should also mention that phishing accounts for 70% of cyber security attacks in the Asia Pacific.
Asset Vulnerabilities
In the same report as above, it was mentioned that the second most common security incidents involved the organization’s web application and denial-of-service (DoS). These attacks commonly occur due to the security flaws in the devices and network that are not tested for their resiliency towards attacks, or have long since been updated. Aside from ransomware, security intrusions include hacking and malware, often with targeted and compromised web applications and servers.
Reputational Costs
An organization will lose credibility and reputation when customers believe they could not trust the organization with their data. A 2016 Forbes Insights report[9] showed that 46% of organizations had suffered reputational damage due to data breach and 19% of the organizations suffered as a result of a third-party security breach or IT system failure. This is further proven in a Pricewaterhouse Cooper (PwC) survey [8] that 87% of consumers are even willing to walk away and take their business elsewhere if, or when, a data breach occurs. Suffice to say, customers will quickly lose trust in organizations that don’t focus on securing their environments and technologies.
Production Disruption
In terms of production, many manufacturers are worried about whether they can deliver on time. It is estimated that sales were made on Cyber Monday on average $6.3billion per minute [1]. One could guess how much out of those billions can be lost due to production disruption due to supply chain attacks. Reuters reported that purchasing managers commented that manufacturing deliveries were deteriorating globally, with the global delivery time index down to 34.8 in October 2021. With online purchases making sales skyrocketing and the recent pandemic hit severely on manufacturers, we are facing a global supply chain crisis, more so with the rampant ransomware attacks on interconnected devices used in operations.
What Can Retail and Manufacturers Do to Prevent Security Threats?
Security-by-Design Approach
A “Security-by-design” approach means that during the planning of the network and operational technology infrastructure, security is a top factor in consideration when built. This differs from the usual method where the operations and network were built first and the security needs were added or implemented later on. Among the examples of security-by-design are by ensuring the operations infrastructure is separated from the corporate infrastructure to reduce attack surface area and risks.
Secure Authentication
As John Haggard, an authoritative figure on authentication, aptly said in a 2016 Security Intelligence’s article [10], “The single biggest corrective step an organization can make to secure its environment is to ensure all identities, including employees, partners, customers and especially machines, are correctly authenticated. This sounds simple, but it is challenging to break the addiction to passwords that are the current champion of authentication.”
Business Continuity / Contingency and Backup Plan
What can your organization do when the system is compromised? Will it withstand the incident without affecting production? This is where a backup or contingency plan plays its role. Not just having a backup plan is enough, but ensuring it is secure from any exploitation. One of the ways is by having both onsite and offsite or hot and cold system backup. Take into consideration cybercrime, disaster recovery and crisis management (such as the pandemic lockdown).
Set Up Proper IDS / IPS and Incident Alerts System
Enhance the security posture of your operations by having a solid incident response plan, including a proper intrusion detection and prevention system (IDS / IPS), phishing and spoofing detection, and security incident alerts system, such as a Security Incident Event Management (SIEM) tool with a security team or vendor to monitor them, and invest in a solid DDoS mitigation system.
Employee Training
Human error, whether intentional or not, remains a big factor and weakness. Thus, it is vital to train an employee on how to handle sensitive information and avoid sharing privileged access. While seasonal shopping may make us think only about customers we need to worry about, let’s not forget that our staff can also be part of that group. Remind employees to avoid using company devices to conduct online shopping as they can fall prey to spoofing and phishing, making company devices vulnerable, letting attackers gain access to the internal network.
Frequent Security Maintenance
All of the actions above should not be “Set and forget”. It is essential to test and assess your operations security posture on a regular basis, as operational technology (OT) and industrial control system (ICS) security are ever-evolving, both in terms of risks and security methods. Regular security maintenance ensures any required adjustment can be immediately planned and implemented, decreasing the possible risks and mitigation needs. A frequent security assessment also helped an organization adhere to industry-specific requirements and framework, reducing an organization’s vulnerability to exploitation and attacks and increasing its credibility. Taking everything into account, cyber security during seasonal sales is important not just for retail but also for manufacturing. Leading figures had provided their input on the importance of cyber security in operations during those times, and organizations can take action to strengthen their security resilience based on the security risks, prevention, and mitigation methods mentioned above. A common practice of security-conscious businesses, they often liaise with industrial cyber security consulting firms to assist in planning, implementing and maintaining their operation’s security posture.