t has been reported that hackers have launched a cyber-attack on the Billabong and Quiksilver websites. Boardriders Inc, the US company which owns Quiksilver and Billabong – both founded in Australia – was targeted by international hackers two weeks ago. Customers are still reporting problems while using the company’s websites. The Californian-based company’s international operations, IT systems, communications, sales and distribution were all affected by the hack.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Cyber-attacks, of the sort impacting Billabong and Quiksilver, should seriously worry all retailers, especially as they ramp up for this year’s busiest shopping season – an attack of this proportion has the potential to cripple a business. With the sheer volume of shoppers turning to online retailers around Black Friday and Christmas, retailers need to be on red alert. This is effectively hunting season for cybercriminals now, and they are on the prowl for unprotected systems – to steal business or consumer data or to prevent a company’s normal operations. It is absolutely crucial that businesses ensure their cybersecurity measures are as stringent as they can be, and that their customers are as protected as possible.
People need to be reassured that their data and personal information is safe, or they will be less inclined to shop online. Businesses should take a step back and re-evaluate their IT security strategy and insure there is a full lifecycle security plan in place, entailing: education for employees, the best defences to protect against attacks, and the most reliable tools for zero-day detection.
Pre-Christmas attacks against retailers and e-commerces will likely spike by the end of this year. In light of a steady growth of targeted [and successful] ransomware attacks, both in terms of quality and quantity, victims are particularly susceptible to extortion and will almost certainly pay ransom during the hottest sales days of the year.
Growing complexity of IT infrastructure and clouded visibility of digital assets make effective cyber-defense virtually impossible, providing attackers with a multitude of entry points from the Internet via abandoned web applications, forgotten test systems, unprotected cloud storage or just business-critical systems with weak passwords. A lot of organizations underestimate and disregard how many of their corporate passwords are available for sale in the Dark Web. Attackers are well-aware of this low-hanging fruit and run overly successful password re-use and spear-phishing campaigns. Worse, such attacks are pretty complicated to detect and often remain unnoticed by the victims.
Holistic visibility of your digital assets, continuous security and anomaly monitoring combined with a third-party risk management can negate most common attack vectors deployed by cybercriminals in a modern threat landscape. Customers who prefer online shopping shall be cautious to any abnormal activities, ignore offers that are too good to be true and preferably have a dedicated credit card for e-shopping with alerts by SMS about every transaction.
The link between surfing and cybersecurity might not seem obvious, but recent attacks on Billabong and Quiksilver teach us two things.
First, every company is a software company. Businesses use software every day for commerce, banking, marketing, communication, payroll, and dozens of other functions. In addition, many businesses create products that include their own software.
Second, cybersecurity matters to everyone. No organisation can say \”that won\’t happen to us\” or \”cybercriminals don\’t care about us.\” Every organisation, no matter its function or size, must be aware of cybersecurity and make smart decisions to minimise risk.