Fear of ransomware and other cyberattacks will keep IT professionals on their toes over the holiday weekend.

The Black Friday weekend is traditionally one of the biggest of the year for online sales, but those sales hinge on the ability of retailers to keep their e-commerce sites going and to fend off threats from cybercriminals.

The stakes are undoubtedly high for retailers, as well as all kinds of companies, and so are the risks. Cybercriminals know that many IT security professionals will be home eating turkey instead of keeping an eye out for online attackers over the long weekend, making it a good time for them to launch an attack.

That’s why the Cybersecurity and Infrastructure Security Agency on Wednesday reminded companies, especially those that involve critical infrastructure, to keep their guard up, reiterating guidance it issued last year.

The message isn’t lost on Jon Hocut, head of information security at Brooks Running, who plans to stay close to his laptop the entire weekend. He’s charged with protecting the personal information of the runners who buy his company’s products, as well as guarding Brooks’ overall corporate systems from online attackers.

In terms of sales, the “cyber five” stretch, including Black Friday and Cyber Monday, is a huge sales event for the 100-year-old company known for its running shoes and apparel. Its e-commerce team expects traffic on the company’s retail site to jump 30% to 50% over those peak days.

If the site were to crash over the weekend, it could mean millions in lost sales and throngs of disappointed runners, but the Seattle, Washington-based company has more to worry about than that. Its computer systems also hold “shoe secrets” that need to be kept confidential, as well as the software that sends and tracks shipments to retailers.

The ransomware problem

The “worst nightmare” for many companies, Hocut said, would be a targeted ransomware attack, probably involving a Russian criminal gang staffed with cyberexperts, that would quietly infiltrate a company’s systems, then move through them without being detected.

The attackers would figure which systems are most critical, then find and compromise the company’s backed-up data. Everything would appear to be OK until around midnight on Thanksgiving, when the company’s incident response team is home, stuffed full of turkey and nearly asleep, he said.

“That’s when they start hitting all of your systems and taking them down,” Hocut said. “When you’re at your least ability to respond.

“That’s the nightmare, and that’s what we have to keep from happening.”

Ransomware really is nightmare stuff. The attacks, which have locked up entire computer systems at businesses, schools, hospitals and elsewhere, are getting more frequent, more successful and more expensive.

According to Sophos’ State of Ransomware report earlier this year, 66% of organizations surveyed said they were hit with a ransomware attack in 2021, up from 37% in 2020. And 6% of those attacks were successful in encrypting their victims’ data, up from 54% the year before. On top of that, the average ransom paid by organizations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organizations that paid ransoms of $1 million or more tripled.

A big part of preventing that is making sure systems are locked down and there are enough people to respond if something does happen over the holiday weekend, Hocut said. At Brooks, the entire incident response team will be on call 24/7 over the holiday weekend.

The company also recently hired the cybersecurity company Illumio to help shore up its defenses. The idea is to segment off Brooks’ systems so that the damage is limited if a system is breached, said  PJ Kirner, Illumio’s co-founder and chief technology officer.

Kirner likened the company’s systems to the structure of a submarine, noting that subs are built in compartments, so that if one part of a sub is breached, it can be sealed off and stop the sub from sinking. If a company can quickly detect a breach and prevent the attackers from moving through its systems, it also can limit the damage, he said.

The idea isn’t a new one. The inability of companies to silo off their most precious data has long been blamed for some of history’s most massive data breaches. But segmenting massive computer systems is easier said than done, Kirner said.

That’s particularly true for Brooks, Hocut said. The century-old brand, a subsidiary of Berkshire Hathaway, has seen significant growth in recent years. In 2021, its revenue totaled $1.11 billion, marking its first year over the $1 billion mark.

The threats companies face have also changed, Kirner said. While the thought of a massive data breach might have kept security professionals awake at night just a few years ago, the major threat now is the kind of ransomware attack Hocut described.

“If you look at attacks maybe five years ago, they were data confidentiality issues,” Kirner said. “You got the customer list, you got emails, you got credit cards. They were about a breach of confidentiality.”

Ransomware, in comparison, is about a company’s operations.

“Why are we talking about retail now? Because Thanksgiving is the most impactful operational day of the year,” he said, adding that customer data is just as valuable to cybercriminals any other day of the year.

It’s those operational threats that will keep Hocut and his staff on “maximum paranoia mode” at least through the end of the weekend. They’ll be taking a close look at any alerts that pop up and will be very grateful and happy when they turn out to be false positives, he said.

Other IT professionals may not be so lucky.

“I expect that 90% of my friends who do incident response as a specialty will probably be working on somebody’s painful experience this holiday weekend,” Hocut said.


Watch Spain vs. Morocco World Cup 2022 Match From Anywhere

Morocco lit up the group stage with some sumptuous goals, while Spain stuttered against South Korea last time out. This could be a cracker.

View more: Watch Spain vs. Morocco World Cup 2022 Match From Anywhere

Coros Apex 2 Pro review – The rise of the anti-Fenix?

Can Coros' Apex 2 Pro multisport watch take on top Garmins such as the Fenix 7X or the Enduro 2?

View more: Coros Apex 2 Pro review – The rise of the anti-Fenix?

Buy a Google Pixel phone this Christmas and get a free Fitbit Versa 4 smartwatch

Google Pixel 7, Pixel 7 Pro and Pixel 6a phones from select retailers will snag you a free watch

View more: Buy a Google Pixel phone this Christmas and get a free Fitbit Versa 4 smartwatch

LG S95QR review: a fully-immersive cinematic experience

LG adds a centre height channel for greater immersion on its high-tech flagship soundbar

View more: LG S95QR review: a fully-immersive cinematic experience

Does exercising before bed help or hurt your sleep?

What exercising before bed does to your body and its sleep patterns

View more: Does exercising before bed help or hurt your sleep?

Star Wars Machete Order: How to watch the Star Wars movies in order

Here's why the Machete Order is the way you should watch the Star Wars saga

View more: Star Wars Machete Order: How to watch the Star Wars movies in order

Did we just get the first glimpse of the Google Pixel Fold?

A leaked benchmark could have just given us some insight into the first ever Google foldable phone

View more: Did we just get the first glimpse of the Google Pixel Fold?

Sky Glass customers are getting a game-changing new update this week

Improvements to the picture quality will make it look like a whole new TV, and that's not the only upgrade on the way

View more: Sky Glass customers are getting a game-changing new update this week

6 Gifts to Impress Even the Most Jaded of Tech Junkies

You can now repair your own iPhone or MacBook via Apple Self-Service

iPhone Flip suddenly looks like the ultimate foldable phone

Eufy Smart Scale P2 Pro review – Sleek, streamlined and seriously high-tech

Whatever you do, don't buy an OLED monitor right now. Here's why

BOE Unveils Record-Breaking 600 Hz Gaming Screen Beating Alienware's Peak 480 Hz Panels

Will you be invited to join the Netflix Preview Club?

"World's first punch bag with a brain" can improve your boxing skills at home

Is the Android 13 update available for your Samsung Galaxy? Here's how to check

5G in-flight: EU scraps the need for Airplane Mode from 2023

How to Create, Use or Delete Bookmarks in Word

Should You Buy A Camera on Amazon?


Top Car News Car News