The holiday sales season and the online crush that accompanies it might seem a natural field day for cyberthieves hoping to attack retailers — but according to an IBM analysis, they’re not, USA Today reported.
IBM’s Managed Security Service analyzed several years’ worth of data-loss records and found that the Thanksgiving holiday weekend is not when crooks come calling.
“I went into this thinking it seems likely that corporations are attacked more during Black Friday — it’s ripe for attack,” said John Kuhn, an IBM senior threat researcher. But when he looked, Kuhn couldn’t find an uptick in attacks during the holidays, “not just to the retail industry, but for any industry,” he said, adding that attacks occur all year, with thieves constantly looking for systems to infiltrate and then often spending months collecting and sneaking out data.
But other researchers point out that seasonal temp workers can be more at risk for weak passwords and phishing scams. “These less-trained workers that are hired during the holiday season are much more vulnerable to social engineering attacks,” said Akli Adjaoute, CEO of security company Brighterion.
Training and actual bans on Internet access help avoid trouble, a recent report by the Retail Cyber Intelligence Sharing Center said. Otherwise, “cashiers, clerks and seasonal workers may find fun things to do on the Web” that put them at risk for phishing and malware.