For CISOs, the holiday season can seem not so merry and bright. Black Friday and Cyber Monday, two key online shopping dates surrounding Thanksgiving, plus holiday travel plans, bring an influx of shoppers and transactions. The result is a tricky dynamic that can keep CISOs and their security teams hopping.

Customers, who might also be employees with corporate devices, are buying gifts or booking travel — putting their corporate data or personal information at risk; online e-tailers and travel sites are getting high volumes of traffic — putting  more pressure on IT to make sure things are running as they should from a security and performance standpoint; and in the background, cyber attackers are waiting to capitalize on the whole situation.

As Cyber Talk reported last week, hackers are hijacking airline and other travel-related loyalty programs to turn around and offer discount travel, fraudster-style. Adding to the airline-industry CISO’s headaches: a bot epidemic.

Dark Reading reports that a new study that focuses on the impact of bots on airlines finds, “malicious bots make up 43.9% of all airline web traffic — about double the 21.8% average for all industries. The highest bad bot percentage for one airline? About 94.6%.” This type of activity can manipulate pricing and fees by falsely appearing to be legitimate customers searching for flights.

Meanwhile, according to a separate study reported by TechRepublic, most employees are oblivious to the inherent cyber risks of travel. Results indicate that 77 percent of workers connect to free or public WiFi while traveling. And, 63 percent will use that connectivity to access work emails and files.

TechRepublic notes that this supports another study: “Collated with findings from the Ponemon Institute, which reports that 64 percent of all insider threat incidents in the last year were caused by negligent employees, the implications become cringe-worthy for IT security workers.”

Three courses of action that can minimize the risk of data leaks and cyber attacks are:

  • Educate employees at all levels, including the c-suite. Keep everyone informed about risks and appropriate actions to prevent threats from getting in. Spearphishing has become exceptionally sophisticated and can entrap anyone.
  • Make sure the security infrastructure is not just patched, but also designed holistically, with current technologies — outdated infrastructures with cobbled-together point solutions can’t stand up to current modes of attack.
  • Optimize visibility to uncover anomalies in network activities.