Mitigating The Security Risks Of Black Friday 

Uploaded on 2023-11-18 in TECHNOLOGY--Resilience, FREE TO VIEW

One of the biggest shopping events of the year is looming where busy retailers and eager shoppers are gearing up for Black Friday. Limited time offers encourage higher purchase numbers and rising sales, but businesses must also be aware of the increased risk of cyber attacks during this period.

Website traffic, online transactions and data transfers significantly rise during Black Friday as consumers take advantage of the unmissable deals and discounts on offer, and with more shoppers expected to shop online rather than in-store, retailers are a tempting target for cybercriminals looking to disrupt their operations. Businesses focus on allowing customers to conduct online transactions but they often fail to implement adequate cybersecurity measures, leaving them vulnerable to attacks. 

Protecting Data & Information

It’s paramount for retailers to ensure the security of their customer's data and personal information. Dominik Birgelen, CEO of oneclick AG explains that retailers' success during the Black Friday period depends on performance and security. He explains that “The right solutions, infrastructure and technical setup will support retailers during this time by ensuring lightning-fast and responsive e-commerce websites as well as uninterrupted service during peak demand.” He also adds that to effectively mitigate internal and external cybersecurity risks “Retailers need robust solutions that not only allow them to secure their assets but also to consistently monitor and spot malicious activities.”

The consequences of a cyberattack not only negatively impact sales, but are also extremely damaging to a retailer’s reputation, putting them at risk of losing their customers’ trust and loyalty. Some of the most common cyber security threats facing retailers include credential threats, phishing and bot scams, and insider threats

The majority of online users think that retailers are personally responsible for tackling these problems. Michael Jenkins, CTO at ThreatLocker agrees, stating “Organisations are responsible for protecting the data of their stakeholders, employees and customers, making them liable for implementing data breach prevention methods.”

Human error remains one of the largest contributors to cyber attacks, with 9 out of 10 of all data breaches being caused by employee mistakes. Michael also adds that “While operating on a tight schedule, an employee opening an inappropriate link, mistakenly giving users access to private information, or downloading compromised data can cause significant downtime, severely limiting businesses' ability to capitalise on Black Friday opportunities, loss of profit and damage to reputation.

“Businesses should prepare for the surge in cyberattacks during Black Friday by first educating their employees about potential threats and behaviours that make them vulnerable to ransomware and other potential threats.”

A Zero Trust Strategy

To effectively mitigate internal and external cybersecurity risks over the festive period, retailers need robust solutions that not only allow them to secure their assets but also to consistently monitor and spot malicious activities. Michael recommends zero trust, explaining that “The concept of ‘Zero Trust’ seeks to eliminate the idea of default access and trust. Just because a device is within a trusted firewall, network, or software, it does not mean that it should be trusted automatically. Zero Trust means that internal or external access is independently verified.

“Zero Trust is a comprehensive cybersecurity strategy that addresses both software and network vulnerabilities. Allowlisting and Ringfencing are examples of tools that, respectively, limit a single person's access to software and applications, as well as create firewall-like restrictions that limit application access to files, registry, the internet, and interaction with other applications."

Dominik also agrees that this strategy allows retailers to mitigate cyberattacks explaining “A Zero Trust Approach is a security framework that assumes no inherent trust within a network. It focuses on verifying every user and device attempting to access resources, regardless of their location or network. Retailers can adopt ZTA principles by implementing multifactor authentication, granular access controls, and continuous monitoring to ensure that only authorised entities can access sensitive data or systems.” 

Being Vigilant For An Attack

Fraudsters stole £580 million from British consumers and businesses in the first six months of 2023. Black Friday offers bad actors the chance to capitalise even further on these fraudulent attacks. Despite the technological advancements that have empowered businesses to bolster their cybersecurity, hackers continue to leverage the latest innovations to make their attacks more sophisticated.

This should act as a wake-up call for retailers to adopt a cybersecurity strategy and educate employees on the relevant tactics that can help them fend off a cyber attack this Black Friday.

Image: Unsplash+    thumbnail:  ElisaRiva

You Might Also Read:

Why Is Retail Cyber Security So Weak?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Australian Ports Recovering After Large-Scale Attack 
Surging Attacks On Israeli Websites »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

XioGuard

XioGuard

XioGuard is a managed security service for 360-degree cybersecurity coverage, protecting the entire attack surface, increasing performance, reducing cost, and simplifying operations.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

QuantumCTek

QuantumCTek

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

SOC-E

SOC-E

SOC-E is a leading technology provider for high-availability and deterministic networking, sub-microsecond synchronization and cybersecurity solutions for critical sectors.