Cyber Monday: Prime Time for Cybercrime

03 December 2019

If you’ve not succumbed to Black Friday or perhaps are seeking further retail opportunity/therapy, Cyber Monday shopping offers will no doubt have filled your mailbox. Perhaps, if you aren’t already restricting your inbox to receive messages from known addresses, more than a heavily discounted offer might be awaiting in your mailbox…only a click away! 

This annual shopping extravaganza is “prime time for cybercrime” and cybercriminals have become relentless with their campaigns. The later part of the year offers a prime opportunity for cybercriminals to hook both consumers and business users with phishing attacks, using your favourite brands or shopping websites to deliver malicious links or payloads via your personal or business email in the guise of amazing offers. 

And no sooner than the Cyber Shopping extravaganza is over, the topic of the UK election will be used to grab your attention, followed by Christmas offers, becoming a never-ending assault on your inbox – and perhaps more. 

If we briefly review recent data on phishing attacks, some key headlines are apparent:

  •  Phishing accounts for 90% of data breaches
  • 15% of the people successfully phished will be targeted at least once more within the year
  • The average financial cost of a data breach through phishing for an SME is estimated at £1.3M
  • Phishing attempts have grown 65% in the last year
  • Almost 50% of phishing sites are using HTTPS encryption – a 40% increase over the previous quarter in 2018
  • More than 1.5 million new phishing sites are launched each month
  • Phishing attacks have affected 76% of businesses in the UK
  • 30% of phishing messages are actually opened by targeted users and 12% of those users click on the malicious attachment or link.

 (Sources: Contact, PhishMe, Webroot, Verizon)

 Increasing awareness within your organisation of the ever-evolving threat of phishing attacks and the impact to the business is only part of a successful approach. Even the most diligent staff can be tricked by phishing emails. For example, a staffer might receive an email request that looks like it’s coming from senior leadership, or even the CEO or CFO, for an urgent payment to be made to Company X. All the request asks for is some “additional” banking information. Or it could be a more sophisticated attack that requests access to a banking website that looks very similar to your corporate account. Either way, to the employee, it looks like a legitimate request, when in truth, it’s cybercriminals at work. 

 Whether you are using a corporate or personal device to access your business data (and also customer data), your company needs to ensure that the security capabilities and controls available in Microsoft Office 365 or Google G-Suite are all enabled to provide you with the best protection. This level of security not only secures your email, but also your browser and the other collaboration tools available. The question is: are you taking advantage of all of the security controls? 

KA2’s Smarter Security Controls provide a best practice security implementation with actionable insight to the regular management of collaboration software within your organisation. As part of the delivery, your organisation will receive a Security Framework, Security Management, and ongoing Security Reporting. The Security Reporting is defined to provide your organisation with comprehensive reports to validate and identify security issues and then respond and improve the security posture as required.

To learn more about KA2’s Smarter Security Controls please click here.

For further details on how KA2’s Smarter Security Controls can help protect your data and secure your organisation from an ever-evolving threat landscape, please get in touch with our expert Justin Gibbs, Head of Cyber Security at KA2 –