By Alison Frost, Threat Specialist at Adarma
Black Friday and Cyber Monday are two of the year’s biggest shopping events, with searches for “best Black Friday deals” spiking in anticipation. PwC estimates that this year the total UK shopper spending will reach £7.1 billion over the Black Friday period. For online retailers, this period represents a golden opportunity to maximise revenue, but it also increases the risk of cyber threats.
During peak shopping periods like Black Friday, retailers face increased customer demand, reduced staffing due to employee holidays, and stretched IT teams managing system performance. This combination can lead to weakened cybersecurity monitoring, leaving retailers vulnerable to cyberattacks.
From an attacker’s perspective, the heightened demands and distractions during this period create ideal conditions to carry out nefarious activities undetected. The pressure on retailers to maintain smooth operations further increases their vulnerability to extortion. Downtime can be incredibly costly, with small businesses incurring an estimated loss of approximately £107 to £334 per minute. At the same time, larger enterprises may face costs exceeding , equivalent to over £750,000 per hour. If an online retailer is looking forward to higher revenue on Black Friday or Cyber Monday, a DDoS attack can quickly wipe out eagerly anticipated sales.
Compounding this financial risk is the potential fallout from compromised customer data, which can severely damage trust and trigger regulatory penalties. To mitigate these risks and ensure preventable attacks do not overshadow Black Friday opportunities, retailers must take a proactive approach, preparing well in advance by understanding the threat landscape, bolstering their cyber resilience, and ensuring they have a well-rehearsed incident response plan.
Drawing on insights from Adarma’s Threat Intelligence Team, here are key strategies to strengthen cyber resilience and avoid the most prevalent cyber threats facing the retail sector.
Temporarily geoblocking traffic from high-risk regions can reduce exposure to potential attackers by restricting access from specific countries. To implement geoblocking effectively, cybersecurity teams should strategically assess which regions pose the greatest threat based on historical data. Retailers often have detailed customer profiles, including their location, purchase habits, and browsing behaviours. By analysing this information, they can decide which countries are safe to allow access from and which may warrant restriction.
For example, if a retailer has no customers in a high-risk region, such as North Korea, and does not ship there, geoblocking traffic from that area during peak shopping periods can be a prudent measure.
Rate limiting is an effective way to control network traffic by restricting the frequency of certain actions, such as login attempts or page requests, within a defined timeframe. This approach helps prevent malicious activities like brute force attacks, denial-of-service (DoS), and web scraping.
The system works by monitoring the number of requests from each IP address and the time between them. If a threshold is exceeded, further requests from that IP address are temporarily blocked. To balance security with user experience, it’s crucial to configure the blocking duration carefully to deter attackers without inconveniencing legitimate users.
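The mechanism described above, as an added example that is not part of the original article or any Adarma tooling: a per-IP sliding-window limiter with a temporary block, replayed over constructed login requests. The class and function names, the thresholds (5 requests per 60 seconds, 300-second block) and the sample IPs are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginRateLimiter:
    """Per-IP sliding-window limiter with a temporary block (illustrative)."""

    def __init__(self, max_requests=5, window_s=60, block_s=300):
        self.max_requests = max_requests  # assumed threshold
        self.window_s = window_s          # assumed counting window, seconds
        self.block_s = block_s            # assumed block duration, seconds
        self._hits = defaultdict(deque)   # ip -> timestamps of recent requests
        self._blocked_until = {}          # ip -> time at which the block expires

    def allow(self, ip, now):
        """Return True if the request arriving at `now` (seconds) is served."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return False              # still blocked; request not counted
            del self._blocked_until[ip]   # block expired: start a fresh window
            self._hits[ip].clear()
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()                # forget requests older than the window
        hits.append(now)
        if len(hits) > self.max_requests:
            self._blocked_until[ip] = now + self.block_s
            return False
        return True

# Constructed sample: (seconds, source IP) of POST /login requests.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_REQUESTS = (
    [(t, "203.0.113.7") for t in range(0, 20, 2)]       # 10 attempts in 20 s
    + [(0, "198.51.100.4"), (45, "198.51.100.4"), (90, "198.51.100.4")]
    + [(200, "203.0.113.7"), (330, "203.0.113.7")]      # during / after block
)

def replay(requests, **limits):
    """Replay requests in time order; return {ip: [(time, allowed), ...]}."""
    limiter = LoginRateLimiter(**limits)
    out = defaultdict(list)
    for t, ip in sorted(requests):
        out[ip].append((t, limiter.allow(ip, t)))
    return dict(out)

if __name__ == "__main__":
    for ip, decisions in replay(SAMPLE_REQUESTS).items():
        print(ip, decisions)
```

Replaying the same requests with a shorter `block_s` shows the trade-off the text mentions: the occasional shopper (`198.51.100.4`) is never affected, while the bursting address regains access sooner.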
Auto-scaling technology ensures that a website can handle spikes in demand by dynamically adjusting its capacity to maintain performance. During a surge in malicious or legitimate traffic, the system allocates additional resources to keep operations running smoothly and scales back once the demand subsides.
Although effective, auto-scaling can be expensive since cloud infrastructure providers charge for extra resources. To mitigate this, retailers can introduce queueing systems that manage customer access when resource limits are reached, ensuring the site remains operational without becoming overwhelmed.
Attackers often exploit weaknesses in third-party supply chains to enter a retailer’s network. Given the extensive supply chains many retailers rely on, securing access controls is critical.
Review, update, and test access permissions regularly to close any potential gaps. For third-party access, ensure you fully understand who has access to your systems and what level of privilege they hold. Internally, enforce strong password policies and enable multi-factor authentication (MFA) across all systems.
Privileged accounts require particular attention. Use Privileged Access Management (PAM) solutions to store sensitive account credentials in a secure vault, rotate passwords regularly, and monitor usage to detect anomalies. Regularly testing and peer-reviewing access controls ensures they remain robust and up to date.
Ahead of high-risk periods like Black Friday, it’s essential to brief employees on the increased threat landscape. Equip them with the knowledge to recognise suspicious activity and report incidents effectively. Sharing cybersecurity best practices, alongside clear guidance on identifying phishing attempts or other malicious behaviours, helps build a culture of vigilance and preparedness.
By providing the right training and resources, employees can act as an additional layer of defence, reducing the likelihood of successful cyberattacks during this critical time.
Adarma provides customised cybersecurity solutions to assist businesses in achieving future-ready cyber resilience. We protect organisations in the FTSE 350, including those in CNI and other regulated sectors. We offer effective threat detection and incident response, acting as an extension of your team to enhance your security posture and optimise your security investments for maximum risk reduction.
Our approach enables organisations to decrease cyber risks by implementing effective threat intelligence, exposure management, and detection and response capabilities. We offer tailored threat intelligence, technological solutions, and strategic consultations catering to our customers’ specific security requirements and business goals. Our expertise guarantees a balanced approach between security and operational efficiency, safeguarding our customers’ most crucial infrastructure and data.