2022 has seen a proliferation of high-profile e-crime attacks. As we embark on 2023, it is only apt that there is a renewed focus on e-crime.
As global economies reopen and revenge spending surges in sectors such as tourism and luxury, retailers and organisations will be especially vulnerable during this period. e-crime groups are prolific and opportunistic and will strike where there is an opportunity to exploit vulnerabilities for financial gain.
Southeast Asia (SEA) and Singapore are not immune to such cyber-attacks. As data from OverWatch has shown, e-crime accounted for 33 per cent of interactive intrusion activity in APJ, while targeted intrusions increased to 35 per cent.
Policymakers and tech innovators in the public and private sectors must collaborate to drive dialogue and act on the latest trends. Securing your organisation has never been of greater importance during this period of festivities.
The rise of e-crimes in 2023 and the criminal marketplace
There is a popular misconception that cybercriminals operate solo or in small cells. The threat landscape operates as a microcosm of “the real world.” Adversaries also sell services to other criminals, much like how legitimate businesses offer services to other businesses.
According to the CrowdStrike 2022 Falcon OverWatch Threat Hunting report, when looking at e-crime activity, retail was identified as one of the top five verticals by intrusion frequency globally between July 2021 and June 2022.
In the Asia Pacific and Japan region during the same period, the retail industry stood out as one of the top five industry verticals overall when looking at the cumulative total of both e-crime activity and targeted intrusions.
Just as retailers are searching for and employing new cyber defences, cybercriminals are evolving in their methodology and craft. Criminal organisations are adapting their tactics, techniques and procedures to stay ahead of security teams, for example by harvesting legitimate employee credentials and exploiting new vulnerabilities in remote access applications.
The Global Dark Web Intelligence Market size is expected to reach US$1.3 billion by 2028, rising at a market growth of 22.3 per cent CAGR, driven in part by another trend in the e-crime landscape, namely, the proliferation of the ransomware-as-a-service (RaaS) model – a business model between ransomware operators and affiliates in which affiliates pay to launch ransomware attacks developed by operators.
According to the 2021 CrowdStrike Global Security Attitude Survey, Asia-Pacific also clocked the highest average ransomware payment of US$2.35 million per attack, compared to US$1.55 million in the US and $1.34 million in EMEA. The vast global majority (94 per cent) of those who ended up paying their attackers were also forced into paying additional extortion fees, equating to US$734,677 on average.
To maximise their financial gains, e-crime adversaries have added the threat of data extortion to their arsenal, extracting and then threatening to leak sensitive customer or proprietary information to fuel specific and repeated victim targeting.
The approaching holiday season represents an opportunity for e-crime adversaries to strike, and SEA businesses would do well to learn from recent, high-profile attacks on large-cap companies like SolarWinds, Microsoft and Kaseya.
Focusing on cybersecurity is key
Organisations need to better protect and secure themselves to enjoy peace of mind during this festive period. Useful tools and information include:
- Combination of robust security hygiene and proactive detection: The volume of new vulnerabilities and tactics employed by criminals may seem overwhelming. However, organisations can formulate a deliberate plan of action by employing a combination of robust security hygiene and proactive detection. By understanding that there is a human behind every attack, organisations can proactively look out for adversaries targeting them.
- Reviewing systems and ring-fencing: Organisations must proactively monitor for tell-tale signs of a pre-attack by identifying unusual access, maintaining up-to-date network diagrams and, finally, ring-fencing any attackers should they manage to break in.
- Secure organisational identity: Maintain proper visibility of administrative changes, especially with user accounts, as this is an early identifier of attacks.
- Arming employees: Employees need to be trained in taking personal responsibility for the organisation’s cybersecurity defence in the event a cyberattack occurs, especially during the festive period when key personnel may not respond promptly.
The post Cybersecurity for retail: How to avoid e-crimes appeared first on e27.