Black Friday: How Retailers Can Get Through the Cyber Turbulence Unscathed

From Black Friday bonanzas to Cyber Monday marvels, the retail sector sees an immense spike in online traffic, making it a playground for cyber adversaries. Eugene Yiga considers the strategic foresight and tactical fortification needed to navigate the cyber turbulence of retail’s busiest period

For chief information security officers (CISOs) in the retail sector, the focus at this time of year shifts to ensuring a protected digital frontier amidst a heightened threat landscape.

The high-stakes, high-traffic days of Black Friday and Cyber Monday are circled on every retailer’s calendar as golden opportunities for revenue maximisation. Yet nestled within the promise of skyrocketing sales is the lurking threat of cyber attacks keen on exploiting the frantic pace of these retail mega days.

“The holidays and associated sales are a great way for hackers to leverage a person’s account as a door to your company,” says Aimei Wei, co-founder and chief technology officer at Stellar Cyber. “The surge in online activity during this period creates a fertile ground for cyber assailants to exploit the slightest oversight. As employees juggle between personal and professional tasks amidst the retail frenzy, the chances of errant clicks on phishing links or downloading malicious attachments multiply. Unfortunately, a mere oversight in a personal email could escalate into a full-blown intrusion into the company’s network. The cascading effect of such a breach can be catastrophic, with potential repercussions reverberating far beyond the festive season.”

“Ransomware gangs often target retailers during major shopping holidays to maximise the chances of getting paid” Mike Toole

Indeed, ‘tis the season to watch out for non-corporate accounts being used to penetrate your organisation, from the classic CEO email from ‘their’ Gmail asking for a wire transfer to odd requests that seem timely but are not from an employee’s business account. The guise of urgency often accompanying these requests can cloud judgement, pushing employees to act swiftly and bypass the usual security protocols. Even seasoned personnel could fall prey to sophisticated, well-crafted phishing emails or messages that adeptly mimic the tone and urgency typical of executive communications. This is how a seemingly benign email in the hustle of Black Friday could morph into an alarming breach, with hackers gaining unfettered access to sensitive corporate data.

“Ransomware gangs often target retailers during major shopping holidays and choose the timing to maximise the chances of getting paid,” explains Mike Toole, head of IT and security at Blumira. “Increased online traffic and sales means more potential victims. Retail websites get a huge surge in traffic during holidays like Black Friday and Cyber Monday. This gives criminals a larger attack surface to target with things like phishing emails or compromised ads. Successfully infecting a retailer right before peak sales season can be very lucrative.”

Click or cheat

Retailers are under pressure to keep systems running, especially when sales are set to be at their highest. Downtime during the holidays can mean significant financial losses for retailers. This makes them more likely to pay the ransom to get back online quickly if hit with an attack. The ripple effect of downtime tarnishes a retailer’s reputation and erodes the trust that customers have, which can have long-term implications on customer loyalty and revenue. Just look at what happened to Ace Hardware. The hardware store empire was grounded last week without the ability to process online orders due to a cyber attack.

“Lower staffing can impact security,” Toole says. “IT and security teams are often minimally staffed on holidays and weekends. This can slow detection and response times, giving attackers a longer window to spread ransomware before getting noticed. The lag in response can exponentially magnify the extent of damage, making the road to recovery a steep uphill climb post the festive season.”

Another problem is that high inventory levels create urgency to pay. Retailers have lots of extra products in stock for the holidays. If they can’t sell it due to ransomware locking systems, they stand to lose a lot. This urgency makes them more likely to pay. The tethered hope of salvaging the holiday sales season might push retailers to acquiesce to the demands of cyber extortionists, further fuelling the vicious cycle of ransomware economy.

“It’s also harder to recover from backups,” Toole explains. “Backups still get encrypted by ransomware. With constant changes to inventory systems during holidays, restoration from older backups is challenging. This limits options other than paying the ransom. The dynamism of inventory data during this period makes each minute of downtime a potential loss of critical data, further narrowing down the recovery pathways and amplifying the pressure to meet the hacker’s demands.”

Sleighing the hackers

Retailers (especially online retailers) need to strengthen their cybersecurity infrastructure to prevent, identify, and block phishing attempts that exploit the high traffic of the shopping season, especially during the potentially chaotic Black Friday sales season. Given the 208% rise in fraud mimicking e-payment systems, preventing these targeted attacks is critical.

“The frontline of defence against cyber threats during the high-stake retail days of Black Friday and Cyber Monday often rests with the employees,” says Bill Reyor, senior incident detection engineer at Blumira. “Training staff to recognise fake payment pages is crucial to fortifying a retailer’s cybersecurity posture. This training should be thorough and tailored to cover the nuances and tactics employed by cyber adversaries in crafting fake payment pages.”

“The frontline of defence against cyber threats during the high-stake retail days of Black Friday and Cyber Monday often rests with the employees” Bill Reyor

The training should extend beyond just recognition. Staff should be equipped with clear protocols for promptly reporting suspected fraudulent activity and communicating payment fraud to customers in a manner that preserves trust and the customer experience. By doing so, the organisation is safeguarded, and the customer’s confidence is also upheld, fostering a secure shopping environment.

“Employing reliable security solutions is another non-negotiable imperative,” Reyor says. “With the right security solutions, threats can be detected and neutralised before compromising the system or customer data. That’s why it’s crucial to invest in state-of-the-art security technologies that offer real-time monitoring, threat detection, and immediate neutralisation of threats.”

This security solution should be comprehensive, i.e. encompassing the payment systems and the entire digital infrastructure. Moreover, it’s prudent to have these solutions tested and optimised well before the retail rush to ensure they are battle-ready for the heightened threat landscape that Black Friday and Cyber Monday bring.

“Enabling phishing protection and multifactor authentication (MFA) everywhere possible is a tangible action that significantly elevates the security threshold,” Reyor advises. “Phishing protection tools can help identify and block phishing attempts before they reach the end-user. On the other hand, MFA provides an additional layer of security, ensuring that even if credentials are compromised, the likelihood of unauthorised access is minimised. MFA requires at least two forms of identification before granting access to an account, thereby adding a robust layer of protection. Integrating these security measures across all digital touchpoints will create a fortified barrier, making it exceedingly difficult for cyber adversaries to penetrate the organisation’s digital domain.”

Don’t be a turkey

Right now, it’s prudent to ramp up internal communications and emphasise the need to double-check unexpected requests, especially those originating from non-corporate accounts. Conducting refresher training on recognising phishing attempts and other cyber threats could strengthen the human firewall.

Many retailers are also checking their cyber insurance policies to ensure their ducks are in a row if the worst should occur. Ed Ventham, cyber insurance broker and co-founder at Assured, advises retailers to check they have first-party coverage and that data restoration costs are included in cyber insurance policies. “If you consider the cyber attack on Ace Hardware last week, the company’s service was massively disrupted, with over 1000 devices and nearly 200 servers corrupted. In insurance terminology, the recovery after the initial incident response assistance is known as digital asset restoration. This type of cover is essential for retailers given the wide range of software, firmware and hardware used across multiple retail sites, from warehouses to stores and point of sale systems,” Ventham says.

“A solution beyond tech is to encourage all your employees to be on the watch for these ‘too good to be true’ offers and be mindful of requests from personal emails or phone texts,” Stellar Cyber’s Wei adds. “Always contact that individual through a different manner and confirm their intent.”

Ultimately, incorporating a culture of scepticism and verification during this period is paramount. Fostering collective vigilance could act as a formidable deterrent against cyber threats, ensuring that the company sails through the retail storm unscathed and with its digital assets securely intact.