Retail is one of the worst-performing sectors when it comes to defending against cyberattacks, finds new research. The analysis from global cyber security consultancy Coalfire comes as retailers across the country are gearing up for the holiday shopping season, kicking off with Black Friday and Cyber Monday in a couple of weeks.
Andrew Barratt, Vice President, Coalfire, offers commentary on the topic:
What makes the holiday season so high-risk from a cyber perspective for organizations?
Even in normal times, retailers are an attractive target for hackers. Their IT infrastructures are often a hugely complex web of different legacy systems. That, coupled with a lack of cyber awareness, the busy season ‘change freeze’ and a lack of training among shop floor employees, opens up a lot of potential opportunities for cybercriminals and fraudsters alike.
What was most surprising about your research?
Our research serves as a stark warning to retailers in the run-up to Christmas and shows that many are woefully underprepared to protect themselves and their customers from cybercriminals. Digital transactions go through the roof on Black Friday and Cyber Monday – that makes these key dates just as important for hackers looking to cash in on insecure IT systems as they are for shops and supermarkets.
Do you typically see high-level attackers or 'script kiddies' looking to take advantage of the holiday chaos? Is this a case of quantity vs quality?
It’s more likely that well-managed organized criminals will take advantage of holiday chaos, or opportunists who are leveraging ransomware/malware as a service. In the case of quantity vs. quality, it's neither really. The holiday season just provides criminals with an opportunity to take advantage of the same thing retailers do - a huge surge in online spending.
All organizations, including retailers, have known and unknown vulnerabilities. What are the layers of defense orgs should be implementing to mitigate their risk during the holidays?
Firms must invest more time and resources in training and boosting cyber expertise across their store footprint, not just at head office. Susceptibility to the most common types of attack – phishing, malware and exploitation of weak passwords – can be greatly improved simply by giving employees more guidance on how to use their IT safely.
How can consumers protect themselves from cybercriminals during the holidays?
Only spend on a credit card. Do not, DO NOT use a debit card for online purchasing. There is no consumer protection that is nearly as good as with a credit card. Be very careful with direct advertisements from social media that seem ‘just too good to be true’. There are several Chinese fraudulent groups who spend on targeted advertisements for high value items, only to then ship you an LED light or some other very, very low value item. Always Google the name of the online shop – look at the reviews and ensure you do the purchase with a credit card if you do.