Freely subscribe to our NEWSLETTER

“The unique circumstances surrounding this year’s Black Friday create a real challenge for cybersecurity professionals working in the retail sector. As the UK lockdown continues, this pivotal date in the retail calendar looks set to take place entirely online – and threat actors will be waiting in the wings to secure a payoff of their own. While the likely record online sales will be good for the British economy, this will present ample opportunity for scammers and cybercriminals to flourish. Compounding the issue further is that many shoppers, who would have otherwise visited brick and mortar establishments, will be forced to take their custom online – and cybercriminals will have this vulnerable demographic firmly in their sights.

“This year, all eyes will be on who – and there will be some – falls victim to hackers’ increasingly smart tactics. Retailers are prime targets because of the breadth of data they hold – whether it’s bank details, email addresses or other personally identifiable information. There’s absolutely no doubt that cybercriminals will take advantage of online pandemic sales peaks to access networks unnoticed or execute malware that has been sitting on the network for months. There will likely also be rogue insiders who believe they can get away with striking their organisations from within, as we saw attempted in the recent Shopify incident.

“It continues to be the case that there is no silver bullet for cyberthreats, and all organisations should follow cybersecurity best practice as the central plank in their cyber defence strategy. Continual monitoring for abnormalities in network, endpoint and user activity is required in order to detect a compromise as early in the lifecycle as possible, in order to halt the cyberattackers before they achieve their goal – be that exfiltration, corruption or destruction of data. In addition to the disruption and cost associated with a successful cyberattack, retailers are also under pressure from regulations such as GDPR, requiring prompt reporting of data breaches. Rapid detection and response capabilities are required if they are to have any hope of properly protecting their customers during what is already set to be a hugely stressful period.”