Starting on 24 November and running until 27 November, Black Friday through to Cyber Monday stands out as one of the peak online shopping periods of the year. Statistica predicted that UK consumers would spend as much as £8.74 billion over the weekend this year, with £4.8 billion spent online. While consumers flock to e-commerce websites eagerly seeking bargains and retailers anticipate a surge in profits, it’s important to understand that cybercriminals are also gearing up to exploit the spike in online activity.
Recent research indicates that the average number of suspected digital fraud attempts for transactions from the UK on any given day surrounding Black Friday was 40% higher than the average of the rest of the year in 2022. New figures from the National Cyber Security Centre (NCSC) revealed that shoppers lost over £10 million to cybercriminals during last year’s festive shopping period. This year the National Cyber Security Centre (NCSC) issued a warning that cybercriminals are now likely to leverage Artificial Intelligence (AI), such as large language models enabling them to create more convincing scam emails, fake advertisements, and counterfeit websites, posing an added threat to cybersecurity.
At Adarma, we emphasise collaboration and work closely with our clients to gain a deeper understanding of their unique security priorities. This approach enables us to deliver customised cybersecurity solutions that are precisely aligned with their specific requirements and address their cybersecurity challenges holistically. We were therefore delighted to receive an invitation from our client, Natura &Co, to join them in their war room over the course of the Black Friday weekend with their business leaders, IT and cyber teams.
This visit comprised part of a week-long trip to meet and work hand-in-hand with Natura & Co’s team in São Paulo. Natura &Co is a complex and scaled organisation operating in over 100 countries with more than 3,700 stores, 35,000 employees, and 7.7 million representatives and consultants.
Natura & Co’s war room is a designated physical space in their Brazilian HQ, where various teams and experts can co-ordinate and collaborate to manage the business during events like these ensuring that the business, IT and cyber teams are always in sync. Having a dedicated space like this ensures the highest level of collaboration such that if something goes wrong or an attack occurs, all the experts can quickly come together to resolve the issue.
As a security partner for major retailers, Adarma were especially thrilled to witness and support Natura & Co’s war room in action. In their setup, the marketing and business teams sat alongside the IT and security teams, forming a collaborative trio. All activities were monitored closely, allowing the business teams to understand what was happening in real time in their various omni-channels, communicate a plan of action (e.g. a promotion in real time) and the coordinate with the wider teams to ensure that full support from IT and cyber was made available to support these efforts. Observing this strong alignment with the business provided valuable insights into how Adarma can enhance cyber and resilience collaboration and support with Natura & Co and other similar organisations even more effectively.
“We are privileged to be afforded the opportunity to connect intimately with our clients and comprehend their distinct challenges over their most important trading weekend was truly remarkable. Stepping into their shoes and gaining a genuine understanding of the business we support is invaluable. Being present in their war room was impressive, and we took great pride in witnessing Adarma detections being escalated and resolved with the client. For Adarma, this further reinforces the significance of the excellent work we do in safeguarding our customers 24/7, 365 days a year.” said John Maynard, CEO of Adarma.
Implementing a temporary geoblocking measure can assist in preventing cyber attackers from high-risk countries by blocking IP addresses from specific locations, thus restricting access to the online retailer’s website. However, cybersecurity teams must strategically deploy this method and determine which countries pose a serious risk to their website. Using this historical customer data, security teams can decide which countries to block and which ones to allow during a period of expected increased activity.
Rate limiting controls network traffic by restricting the frequency of repeated actions within a set timeframe, such as login attempts. It temporarily blocks unusual user journeys, like when a single household tries to load hundreds of pages per second. This solution effectively prevents malicious activities, including brute force attacks, DoS and DDoS attacks, and web scraping. The process involves measuring the time between requests from each IP address and assessing the number of requests within a specific timeframe. If the volume exceeds expectations, the rate limiting solution denies the IP address’s request for a set period. The blocking duration must be strategically determined to deter attackers without significantly impacting legitimate users.
Auto-scaling solutions monitor applications and adapts a website’s capacity to ensure steady performance during high demand. Once the attack ceases, the service reduces capacity. Keep in mind that this may result in added costs for the organization, as they must pay the cloud provider for extra resources. To prevent website overload, organisations should employ a queuing system when approaching resource limits, ensuring a seamless shopping experience for customers.
Cyber threat actors will often exploit weaknesses in a target’s third-party supply chain. This poses a higher risk for online retailers with extensive supply chains, as vulnerabilities in another organisation’s network can be exploited. To bolster cybersecurity, it’s vital to review, validate, and test access to the digital environment. If third-party organisations have access to the digital environment or IT networks, it’s essential to understand the extent of privilege granted and to whom.
Internally, security teams should review and remove old or unused user accounts, ensuring multi-factor authentication is correctly configured. Monitoring and managing privileged accounts, which have access to sensitive data, is crucial to prevent misuse.
Prior to heightened threat periods, such as Black Friday and Cyber Monday, it is essential to educate employees. They must understand the situation and be alert to the increased risk. Reinforce cybersecurity best practices, stress the importance of reporting suspected security events, and encourage employee engagement. Equip staff with the tools and knowledge to report suspicious activities and provide training on identifying signs of malicious cyber activities.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.
To hear more from us, check out the latest issue of ‘Cyber Insiders,’ our c-suite publication that explores the state of the threat landscape, emerging cyber threats, and most effective cybersecurity best practices.
You can also listen to our new podcast, which explores what it’s really like to work in cybersecurity in today’s threat landscape.
Stay updated with the latest threat insights from Adarma by following us on Twitter and LinkedIn
![adarma_logo_twgt-black[11615449]](https://adarma.com/wp-content/uploads/2022/10/adarma_logo_twgt-black11615449.png){kind=logo}
