
Retail Cybersecurity During Black Friday and Cyber Monday: Mitigating the Risks

October 29, 2020


With Black Friday and Cyber Monday around the corner, the retail industry is heading into the busiest period of the year. Every year, cybercriminals seek to exploit the retail feeding frenzy by stepping up their attacks exponentially during the biggest shopping events of the year. The best way for retailers to keep their customers happy and their businesses safe is to understand common threats and how to mitigate the risks. 

Businesses Face Malware, Ransomware, and Phishing Surge

Last year, consumers spent $7.4 billion online during Black Friday, up $1.2 billion from 2018. On Cyber Monday, retailers collected $9.4 billion in online sales, according to Adobe Analytics. These eye-popping numbers have coincided with steep increases in cyberattacks and data breaches, leading to huge financial losses for both consumers and businesses.

Threat researchers from SonicWall Capture Labs recorded a double-digit malware spike (63%) in the U.S. during the eight-day holiday shopping window from November 25 to December 2. In the U.S., both malware (130%) and ransomware attacks (69%) were up on Black Friday compared to 2018. This trend continued on Cyber Sunday with increases in malware (107%) and ransomware (9%), the company data showed.

Common Security Issues for Retailers During Shopping Holidays

Staff issues and phishing

90 percent of all personal data breaches are staff-enabled. Whether by accident or through malice, people are the weakest point of any security system. Hackers could compromise employee accounts, thus greatly increasing the impact of their attacks. Social engineering, one of the most popular strategies, uses various techniques to trick staff into clicking on compromised links or giving away sensitive data. Theft of, or unauthorized access to, computers and devices could lead to fines for companies, followed by loss of revenue and reputation. Strong security practices and training on identifying phishing emails can prevent these types of crimes.

Third-party code is always risky

External components installed on the seller’s website can be a gateway for attackers looking to gain access to sensitive information. Such a component can be almost anything, from outsourced technological tools that generate website activity to advertising and analytics tools. Most third-party applications are controlled remotely, so if a vendor is breached, you immediately become exposed to supply chain attacks and data theft. Tens of thousands of e-commerce websites were hit by such attacks over the past few years.
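One way to take stock of the remotely controlled components described above, as an added example that is not part of the original article: the script below lists every script a storefront page loads from another host and flags those without a Subresource Integrity (`integrity`) attribute, since the vendor can change that code without the retailer noticing. The sample page, the host names and the choice of SRI as the pinning mechanism are assumptions made for illustration, and SRI only suits files the vendor does not update in place.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample storefront page (not taken from the article).
SAMPLE_HTML = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://analytics.example.net/tag.js"></script>
<script src="https://cdn.example.org/widget.js"
        integrity="sha384-PLACEHOLDERPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//ads.example.com/loader.js" async></script>
<script>console.log("inline");</script>
</head><body></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collects <script src=...> tags served from a host other than the page's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            return  # inline script: first-party code, out of scope here
        absolute = urljoin(self.page_url, src)  # resolves relative and //host URLs
        host = urlparse(absolute).hostname
        if host == self.page_host:
            return  # same host as the page: not third-party
        self.findings.append(
            {"url": absolute, "host": host, "pinned": bool(attr.get("integrity"))}
        )

def audit_third_party_scripts(html, page_url):
    """Return one finding per script loaded from a different host."""
    parser = ScriptInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def unpinned_hosts(findings):
    """Hosts whose code runs on the page with no integrity pin."""
    return sorted({f["host"] for f in findings if not f["pinned"]})

if __name__ == "__main__":
    for f in audit_third_party_scripts(SAMPLE_HTML, "https://shop.example/checkout"):
        print("PINNED  " if f["pinned"] else "UNPINNED", f["url"])
```

Scripts injected at runtime by a tag manager do not appear in the static HTML, so this inventory is a lower bound on what actually executes in the shopper's browser.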

Fake websites

One of the most popular ways cybercriminals will try to trick shoppers into falling for their scams is by setting up fake websites. Hackers often clone websites to dupe consumers into thinking they are shopping on legitimate sites.

“Scammers know legitimate businesses use the season to create a sense of urgency, with time-limited offers and low prices that are hard to turn down. They use these exact tactics to dupe victims into taking the desired action”, Kaspersky experts say in a blog post.

The consequences of such attacks can be disastrous for a business, as affected customers lose confidence in the brand. Experts advise retailers to immediately inform their customers about the existence of such fraudulent websites if any are found.

Cybersafety Tips for Retailers During Black Friday and Cyber Monday

Staff training

As we mentioned before, your employees will always be the weakest links in the security chain. Staff members carry the potential to open the door to attackers. Provide consistent and thorough training to reduce the probability of a successful phishing attack.

Find and isolate scams

Be proactive and always on the lookout for scams posing as your brand. Isolate them before they cause irreparable damage to your company. Moreover, educate your customers on how to spot social engineering attacks. Most often, subtle changes (poor spelling and grammar, pixelated images, sub-standard content, weird address, etc.) indicate a fake site. 

Test and monitor

One key measure for any healthy business is to regularly test and monitor cybersecurity practices. As hacking techniques are becoming more and more sophisticated, it is vital to keep up with developments in the industry. In the US, the FTC provides guidance on Cybersecurity Basics with key advice on what small businesses need to remember in order to keep their data secure. 

Retail is an attractive target for cybercriminals, especially during the most important shopping events of the year. In recent years, security experts noticed not only a significant increase in threats to online retailers but also a rise in the level of sophistication. CEOs and IT managers must ensure the right security is in place when getting their business ready for the big shopping holidays.