Marking the beginning of the festive shopping season, Black Friday promises some of the most outrageous deals available as consumers begin the countdown to Christmas. However, this year will be like no other. With varying lockdown measures in place across the world, the vast majority of Black Friday’s activity will take place online, and if the security precedent of this year is anything to go by, we can also expect malicious cyber activity to accompany it.
With that in mind, Cybersecurity Magazine has spoken with six security experts, each offering their insight on how retailers can keep their online platforms secure as we approach the beginning of the festive shopping season.
Skip the skimmers
The number of transactions per second will be through the roof on Black Friday, and each and every one presents an opportunity for external threats, explains Andy Collins, Head of Security at Node4:
“Shops will be pulling out all the stops to maximise this opportunity, as their bricks and mortar counterparts are closed.
“However, this could all be scuppered if any length of downtime or breach is experienced, as not only is the customers’ experience negatively affected, but with consumers looking elsewhere for deals, sales could also drop. In these turbulent times, this is far from ideal.
“The biggest threat retailers will likely see is credit card skimmers, such as Magecart, being injected into e-commerce sites. With this in mind, it’s important for retailers to ensure all e-commerce software and content management systems are updated to the latest versions, prior to the big weekend.”
Encryption is everything
With increased online traffic, retailers become increasingly at risk of “being targeted for data leakage or theft,” according to Jan van Vliet, VP EMEA at Digital Guardian:
“For example, an attacker could attempt to intercept communications between the customer and the application. This is commonly referred to as a man-in-the-middle attack and means that anything the customer sends to the retail website can be viewed, intercepted and changed by the attacker.
“E-commerce sites should utilise encryption techniques when transmitting customer data across the Internet,” continues van Vliet. “Retailers should regularly investigate all partners who have access to customer data to understand exactly who has access and how any given partner’s security stacks up against the retailer’s own data protection policies.”
Keeping customer data safe
Anurag Kahol, CTO of Bitglass, echoes the point of securing data. While analysing customer habits can potentially set retailers apart from their competition, the ramifications of exposure can also be devastating:
“While ramping up efforts to collect this data, it is even more important to store it safely in order to meet data privacy regulations like GDPR.
“Companies of all sizes must take full responsibility for securing their customer data. The consequence of failing to protect sensitive data can result in massive fines, not to mention the resulting damage to brand reputation.
“Obtaining full visibility and control over corporate data starts with a multi-faceted approach to security. Specifically, solutions that enforce real-time access control, encrypt sensitive data at rest, and manage the sharing of data with external parties, can help proactively prevent data leakage.”
In-store security cannot be forgotten
While much focus will be on e-commerce this year, Rishi Lodhia, Managing Director, EMEA for Eagle Eye Networks, reminds retailers whose stores remain open that on-premise security cannot get left behind:
“Behind the Black Friday fun and Cyber Monday super-sized deals, lies the unsavoury truth that theft and fraudulent purchases are one of the biggest issues retailers face.
“In addition to merchandising security, smart inventory management tools and other things like anti-theft signage, video surveillance is the single best way to prevent theft, enabling retailers to keep an eye on multi-store locations. If the worst does occur, today’s cloud-based video surveillance platforms have the capability to quickly pinpoint when an incident or theft occurred and share video evidence with the appropriate authorities.”
Patience is a virtue
With an increased reliance on IT this year, Stephen Roostan, VP EMEA at Kenna Security, argues, “Any knock-on impact on availability and performance must be avoided at all costs.
“According to the Cyentia Institute, a typical organisation has the capacity to fix about one out of 10 vulnerabilities in their environment,” notes Roostan. “Day in, day out IT and security teams are drowning in data about vulnerabilities generated by multiple sources. To compound the problem, all this data comes in too fast and in a format that’s simply too difficult to understand.
“For the IT and security teams, this make or break period is definitely not the time to be making significant upgrades or proactively deploying major patching initiatives. All the must-do IT projects will either have been completed, or put on the back-burner for now.”
Beware the ransomware
Ransomware has caused a number of problems over the course of 2020, and Gijsbert Janssen van Doorn, Director Technical Marketing at Zerto, warns retailers that falling victim to an attack on Black Friday can be doubly catastrophic:
“Many retailers will be concerned with ransomware attacks during this period. Usually delivered through phishing emails, retailers know that just one staff member clicking the wrong link could compromise the entire organisation.
“Indeed, some retailers may have already been exploited – ransomware is often left untriggered until a specific time. In this instance, hackers might hold off until they can do maximum damage – for example early morning on Black Friday. By holding off, the impact of the attack doubles: a retailer’s entire operation has been shut down on the most profitable day of the year, all while being held to ransom.
“To avoid this, retailers need to ensure cyber resilience – with technology solutions in place that can quickly and effectively provide recovery after an attack.”
As we approach an online-only Black Friday, keeping online systems secure and ensuring that data doesn’t fall into the wrong hands will be at the top of every retailer’s to-do list. With a focus on cybersecurity measures, this can definitely be achieved, allowing Black Friday to be a breeze rather than a storm.