The unique circumstances surrounding this year’s Black Friday create a real cybersecurity challenge for the retail sector. As the UK lockdown continues, this pivotal date in the retail calendar looks set to take place entirely online – and scammers will be waiting in the wings to secure a payoff of their own.
With the early Black Friday discounts and the continued coronavirus lockdown restricting all non-essential shopping until at least 2nd December, experts forecast that November will be a record-breaking month for online spending in the UK. While this will be good for the British economy, it will present ample opportunity for cybercriminals. Compounding the issue further is that many shoppers, who would have otherwise visited brick and mortar establishments, will be forced to take their custom online – and cybercriminals will have this vulnerable demographic firmly in their sights.
“This year, all eyes will be on who – and there will be some – falls victim to hackers’ increasingly smart tactics,” said Andrew Hollister, head of Labs R&D at security intelligence company LogRhythm. “Retailers are prime targets because of the breadth of data they hold – whether it’s bank details, email addresses or other personally identifiable information. There’s absolutely no doubt that cybercriminals will take advantage of online pandemic sales peaks to access networks unnoticed or execute malware that has been sitting on the network for months. There will likely also be rogue insiders who believe they can get away with striking their organisations from within, as we saw attempted in the recent Shopify incident.”
It continues to be the case that there is no silver bullet for cyberthreats, and retail organisations in the UK must follow cybersecurity best practice fundamental to their cybersecurity strategy. Continual monitoring for abnormalities in network, endpoint and user activity is required in order to detect a compromise as early in the lifecycle as possible, in order to halt the cybercriminals before they achieve their goal – be that exfiltration, corruption or destruction of data.
“In addition to the disruption and cost associated with a successful cyberattack, retailers are also under pressure from regulations such as GDPR, requiring prompt reporting of data breaches,” concludes Hollister. “Rapid detection and response capabilities are required if they are to have any hope of properly protecting their customers during what is already set to be a hugely stressful period.”