Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks

The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online - to the tune of $11 billion in 2022. Amid the purchasing spree, consumers routinely share sensitive personally identifiable information on e-commerce platforms, including credit card details and addresses, and a recent survey by CyCognito explores the question of whether these sites prioritize security and compliance. The report unveiled concerning insights on the risk of compromised PII, of which many remain unaware - and discovered substantial pitfalls in the security landscape of Cyber Monday e-commerce platforms. Even though more than half of e-commerce Web apps exist in the cloud, the research indicated they aren't immune to security vulnerabilities. The study revealed 2% HTTPS, the the secure version of HTTP and a protocol for secure data transmission. This poses a risk to around 520,000 of the estimated 26 million global e-commerce stores. Researchers discovered more than a quarter of these platforms operate without a Web application firewall, and nearly one in four e-commerce Web apps that collect PII are missing a WAF. Additionally, nearly six in ten e-commerce Web apps collect user PII, raising concerns about data handling. Equally worrisome is that 78% of these platforms don't seek user consent for cookies, a compliance red flag. The array of security issues doesn't stop there, with 13% of ecommerce Web apps throwing up certificate validity issues, and just under half of platforms have one or more cryptographic vulnerabilities. The report also found that 2% of ecommerce Web apps carry critical security issues, half of which involve PII, and more than three quarters of these critical issues are easily exploitable. Rounding out the research findings was the discovery that 7% of all e-commerce Web apps monitored had at least one issue from the OWASP Top Ten list, a commonly used awareness document for developers and Web application security. On the individual shopper front, it's worth a reminder that Holiday spending perennially catches the eye of threat actors, who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays. This has risks for organizations, too: Companies continually battle credential harvesting, phishing, bots, and various malware variants, with a recent Malwarebytes Labs report warning of a 50% uptick in credit card skimming in 2023 - and that's only set to get worse during the holiday shopping season. Vandan Pathak, senior application security consultant at Optiv, says scammers are going to activate their plexus network of techniques to entice victims with fake promotions. "Individuals are highly advised not to entertain any messages or calls they receive which offer them direct holiday discounts," he says. "In the past, we have seen individuals fall for these traps frequently and the number is going to increase during the holiday season." He notes that individuals must be aware of scammers and fake gift card offers - often, these "Offers" come with the light lift of filling out a survey. "Only, the survey is fake, and the sole result is your personal information is now in the hands of a bad actor," he explains. "These have historically been quite successful tactics during the holiday months." He adds security front liners, such as network security engineers or analysts, should be attentive to upticks in unusual activity in company environments. "Attacks on organizations during this time of the year are successful often due to teams' guards being down," Pathak cautions.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 20:25:01 +0000


Cyber News related to Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks

Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks - The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online - to the tune of $11 billion in 2022. Amid the purchasing spree, consumers routinely share sensitive personally ...
10 months ago Darkreading.com
9 online scams to watch out for this holiday season - By being aware of these common online scams and taking precautions, you can protect yourself and your family from becoming victims this holiday season. The holiday season is upon us, and that means it's time to start shopping for gifts. It's not just ...
10 months ago Blog.avast.com
Most scammed items for this Christmas season - As the festive season is just a couple of days ahead, the joy of giving and receiving is accompanied by an unfortunate increase in scams targeting unsuspecting holiday shoppers. Scammers are adept at exploiting the spirit of generosity and the rush ...
9 months ago Cybersecurity-insiders.com
Preparing for the Holiday Ransomware Storm - Particularly in a subset of industries, these teams find their organizations squarely in the crosshairs of cybercriminals during the holiday period, looking to profit. These industries' increased time sensitivity, criticality, and importance during ...
9 months ago Securityboulevard.com
Revolutionizing Commerce With AI - Picture a future where commerce is not just an exchange of goods and services but an intricate relationship of data, insights, and artificial intelligence. The AI revolution in commerce is redefining how we approach buying, selling, and market ...
8 months ago Feeds.dzone.com
The 3 Most Prevalent Cyber Threats of the Holidays - As many of us deck the halls, some folks are preparing for the cybersecurity holiday season - that perilous time of year rife with breaches, attacks, and threats in far greater frequency than in any other time of year. The surge in cyber business is ...
10 months ago Darkreading.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
8 months ago Securityzap.com
Christmas scams: Attacks to be aware of this holiday season - Now, not only has the victim been charged for this fake item, but the cyber criminal now has access to all their credit card information. Now more than ever, Christmas shopping is done online - and, of course, cyber criminals are going to take ...
9 months ago Securityboulevard.com
4 Tips for Safe and Secure Holiday Shopping - The holiday season is the most wonderful time of the year for experienced and novice cybercriminals alike looking to make a quick payday. Although threat actors are relying on classic scams to trick unsuspecting consumers this season, you can take ...
9 months ago Feeds.fortinet.com
The SANS Holiday Hack Challenge is back! The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack ...
9 months ago Go.theregister.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
10 months ago Techrepublic.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
7 months ago Cyberdefensemagazine.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
6 months ago Cyberdefensemagazine.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
9 months ago Techrepublic.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
8 months ago Securityzap.com
Safe shopping this sales season - Whether it's to avoid queuing, save time or simply to avoid the frustration from going to the shop and not finding what you were looking for, online shopping is the most popular shopping method in today's society. That's why we want to give you some ...
8 months ago Pandasecurity.com
Secure Online Shopping: Tips for Smart Homeowners - Secure shopping online is a prudent practice for homeowners. Researching the store and its reviews is an important step in ensuring a secure online shopping experience. Taking these steps before making an online purchase can help ensure a secure ...
9 months ago Securityzap.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 week ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
8 months ago Scmagazine.com
Avast researchers detect a surge in fake e-shops following holidays - We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet. As the festive season wraps up, a new challenge emerges for online shoppers: the rise of over 4,000 counterfeit e-shops. ...
9 months ago Blog.avast.com
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
1 year ago Trendmicro.com
Beyond Traditional Cyber Defences: The Rise of Outcome-Based Security In Modern Business - Cyber security is no longer just about keeping systems and devices safe, it's also become central in enabling business to achieve their strategic objectives. Paul Brucciani, Cyber Security Advisor at WithSecureâ„¢, has important information about ...
8 months ago Cyberdefensemagazine.com
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
7 months ago Cybersecurity-insiders.com
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
1 year ago Securityweek.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
9 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)