Cyber security during Black Friday/Cyber Monday


Guillaume Noé, Senior Director, Cyber Security, Avanade Australia

[Black Friday/Cyber Monday] sees an influx of customers looking to take advantage of online bargains. But with more people online, comes a heightened risk for both shoppers and retailers as cybercriminals look to also take advantage. It is important to be aware of the potential threats at this time of the year, and to be prepared, vigilant and ready to respond effectively.

Shoppers need to be aware of potential scams such as phishing emails that can lure them into providing their data to fake retailers, such as personal information or credit card details. With an increase in marketing materials from businesses promoting sales and [Black Friday/Cyber Monday] deals, shoppers need to be cautious of which links they click on and the validity of the emails they interact with, or risk a very disappointing and costly experience.

During [Black Friday/Cyber Monday], retailers may attract the undue attention of nefarious groups, more than at any other time of the year. They can be held to ransom with Denial of Service (DoS) and ransomware attacks crippling their business operations and denying them revenue. They can also be the subject of more sophisticated attacks in the midst of a digital transaction frenzy, putting their customers’ data and the reputation of their business at risk. Without due protection and preparation, retailers can be left with few options to deal with the aftermath of an attack, just ahead of one of the most critical transaction windows of the year.

Because of the increased cyber risk, it’s a good time for retailers to review their cyber security risk defences and make any necessary improvements. This is particularly advisable for any businesses that haven’t had a security assessment in the last 12 months. In the event of a cyber-attack, it is essential for businesses to act swiftly and seek guidance from a cyber security specialist. For smaller retailers who may not employ a cyber team, subscribing to a Cyber Security Incident Response retainer service can ensure the timely engagement of specialists to help recover as quickly as possible.