‘Tis the season for online shopping sales, and that means the white hats and black hats are both vying for a win to create an atmosphere of trust – or deception – for retailers and shoppers alike.
While the US government continues to issue warning announcements ahead of Black Friday and Cyber Monday (November 29 and December 2, respectively), Israeli cybersecurity experts say that while the fraud potential is real and inevitable, both retailers and shoppers can – and should – still feel safe to take part in the online sale festivities.
It is no secret that retailers will be affected, with cybercriminals attacking data, extorting companies, and setting in motion ransomware attacks.
At the end of October, the US Federal Bureau of Investigation issued a highly-cited warning to small and medium-sized businesses and government agencies about e-skimming attacks, whereby hackers exploit vulnerabilities in e-shopping platforms or placing the malicious code inside a company’s account to access credit card information.
“Black hats are an extremely creative group of people who are playing a game of tag with the authorities. The moment government authorities send out a warning or announce a solution, the black hats will create a new attack method,” Einat Meyron, an Israeli cyber resilience expert, tells NoCamels. “It’s a game of cat and mouse.”
The FBI warning comes in the wake of an intensification of these types of attacks during the last two years.
“The FBI warning is not new. I understand why they issued this warning now, ahead of the holiday sales. But the concept of hackers or malicious cybercriminals looking for creative ways to steal data and credit card details and commit online fraud is not new. We have years of experience with all sorts of data breaches and malicious attacks,” says Meyron.
Indeed, Israel is considered a powerhouse in cybersecurity.
Almost daily headlines announce cyber collaboration or an acquisition of an Israeli company. This month, Calcalist reported that Google had invested millions of dollars in IoT security company Armis. A few days earlier, NoCamels reported that US cybersecurity company Proofpoint announced its intentions to acquire ObserveIT, an Israeli-founded insider threat management company.
“Israel’s longstanding position as a leader in the global effort to prevent cyber-crime remains indisputable,” reads a 2018 report by Start-Up Nation Central, which tracks the local tech industry.
In the US, sales predictions for Black Friday are $7.5 billion, an increase of more than 20 percent over last year. Israeli technologies and solutions are among those employed by global retailer sites to keep cyber threats at bay in the online space. In fact, at the upcoming CyberTech Global meetup, set to take place in January in Tel Aviv, there’s a session dedicated to retail in the cyber era.
“My hunch is we’ll see more attacks through the cloud and specifically through Kubernetes infrastructures. Cloud security is a very happening scene in Israel,” says Amir Ofek, CEO of Alcide, noting Palo Alto’s acquisition of Israeli Twistlock earlier this year and continued investment in Ramat Gan’s Aqua Security’s cloud-native applications.
The FBI warning made headlines across the globe. But the retail sector is under constant threat, says Meyron, who helps companies prepare for dealing with cyber crises.
Sign up for our free weekly newsletterSubscribe
“Cyber threats are happening every minute, every hour, every day. Many companies have security operations centers to deal with these threats full-time, all the time. There are tens of potential attacks happening all the time. So, now, in the build-up to online shopping festivals, this is the D-Day, the time for companies to step up their ongoing activities, raise awareness and ensure their staff understands response plans… days like Black Friday, Singles Day or Cyber Monday bring a higher volume of activity in sales and with them threat actors,” says Meyron.
“Companies must be alert. If a CEO calls a meeting with the head of IT to ask what is being done during this month of online shopping festivities, that company’s CEO has already raised the level of awareness. And this is great. As a consumer, my job is to make sure that I’m on a genuine site and not a third-party link. But it is the retailer’s obligation to keep me safe on their site,” she explains.
Ofek, CEO of Alcide, a cloud-native security platform to secure workloads running in Kubernetes, says retailers and consumers both have an active role to play in keeping personal information safe. “You need to worry all the time as the consumer. Always worry about sharing your credit card, monitor your transactions and continuously change passwords,” he says.
That said, Ofek encourages retailers to share their cybersecurity activities.
“[When retailers] adopt cloud security solutions that address early stages of protection, as a consumer, you can be more assured preventative actions are taking place. At the end of the day, the companies and brands that adopt security and share activities they’re doing in terms of security will prevail because consumers will feel more secure in their realm than to companies who look to security as an afterthought or are waiting to be hit and then solve the issue,” says Ofek.
And yet even with black hats geared toward the retail sector, Assaf Feldman, co-founder and CTO at Riskified, tells NoCamels that ‘tis the season for retailers to rejoice.
“The Black Friday/Cyber Monday weekend is enormously important for eCommerce merchants, as they see a huge surge in volume that can have a significant impact on their bottom line. They also see an increase in fraud, which can spook some merchants and prevent them from fulfilling legitimate orders. It’s understandable, but it’s also unnecessary,” says Feldman, whose company Riskified, which provides anti-fraud services for online transactions, became the latest fintech to reach unicorn status earlier this month.
And though Singles Day, Black Friday and Cyber Monday have no Israeli connection per se, locals take advantage of these online shopping days just the same. Late last year, a report by the Israel Postal Company showed that 13.5 million packages were delivered in November 2018 in the wake of these special online shopping sales days.
“The good news for e-commerce merchants is that the increase in traffic from legitimate shoppers far outweighs the increase in fraud during this period. While fraud ticks up slightly, sales from legitimate shoppers increase between 200 percent and 400 percent,” he says.
“The takeaway is simple – don’t be overly cautious during this period. Approval rates should be at least as high as they are during the rest of the year and likely much higher. Being aggressive about approvals during this busy season will help merchants maximize revenue in the short term and create loyal customers in the long term.”
Viva Sarah Press is a journalist and speaker. She writes and talks about the creativity and innovation taking place in Israel and beyond. www.vivaspress.com