As the holiday season approaches, the surge in online shopping and activity also brings an increased risk of cyberthreats. These threats have grown sharply in recent years, and the holiday season is a prime time for vulnerabilities to be exposed. The most common cyberattacks on retailers during this period are data breaches (48%) and phishing attacks (32%).
Companies can proactively address vulnerabilities and stay safe, since threat actors often exploit the surge in online activity. Retailers must stay safeguarded against vulnerabilities amid the rising risk of cyberattacks, as downtime leads directly to revenue loss. Below, tech experts highlight how to stay cybersafe and maintain uptime this holiday season.
Shobhit Gautam, Staff Solutions Architect at HackerOne
“Retail and e-commerce are prime targets for cybercrime during the holiday season as threat actors become increasingly active. The complex design of e-commerce platforms, featuring dynamic websites and applications, increases the risk of information leaks due to poorly secured APIs, mismanaged user input, and inadequate data management practices.
The use of AI also expands the retail attack surface. We found that 48% of security professionals believe AI is the most significant security risk to their organization. I see a significant risk in how hasty AI adoption could have negative consequences for retailers. For example, GenAI-powered tools such as customer support chatbots have become very popular to scale customer service and engagement. We’ve already seen a few retailers suffer reputationally from AI chatbots going awry, and as retailers receive more web traffic during the holiday months, there will be a higher chance bad actors will seek to abuse chatbots. One way of minimizing the potential of harmful inputs from chatbots is through community-led AI red teaming, which tests AI systems for harmful outputs before bad actors can take advantage of systems.
Consumers must also remain vigilant against social engineering attacks, like phishing, when clicking on sale links and URLs. Retailers can help spread the word about common scams and educate consumers to reduce the chances their customers fall victim to these types of attacks.”
Javed Hasan, CEO and co-founder at Lineaje
“The 2024 Deloitte Holiday Retail Survey found that shoppers surveyed are more optimistic and plan to increase their spending by 8% compared to last year. This puts immense pressure on retailers and the software that enables transactions. From the carefully curated ad campaigns emailed to consumers to online payment systems, software is the pulse of retail organizations.
To deliver the latest software for the holiday season, retail organizations typically have to meet strict deadlines. Developers will often pull from existing open-source software components or take shortcuts to complete a software project on time – focusing more on speed than safety and security. In the chaos, inspecting the open-source or newly built components for vulnerabilities is typically an afterthought – or not a thought at all. As a result, a faulty, potentially exploitable piece of software is left waiting to be discovered. With the significant increase in demand and strain on resources that the holiday season brings, combined with the diverse digital touchpoints a retailer has, it’s very likely that a threat actor could use the damaged software to penetrate a retailer’s network without being noticed by the security team. We’ve seen this play out in real life with recent cyberattacks impacting retail chains such as Torrid and Hot Topic.
During the holiday season, retailers must set aside time to do the following:
- Prioritize Software Maintenance – Retailers should prioritize regular software updates and patches to address known vulnerabilities. This will ensure that all software used has incorporated bug fixes and has installed the latest security patches.
- Analyze Third-Party Software – Retailers should conduct assessments of third-party software providers, especially since 80-90% of software originates from open-source components. According to a research report, 82% of open-source software is considered ‘inherently risky,’ so retailers must stay vigilant in assessing and mitigating any third-party software to understand its lineage.
- Assess New Software Integrations – Retailers must conduct a thorough evaluation of risk and vulnerabilities when integrating new software into existing systems. It is imperative to maintain a Software Bill of Materials (SBOM) to validate the security and compliance of both older and new software against any applicable legislation.”
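The three recommendations above (patching known vulnerabilities, assessing third-party and open-source components, and maintaining an SBOM) come together in one routine check: read the SBOM and match each component against an advisory feed. The following is an added example written for this article, not code from Lineaje or any of the quoted experts. It assumes a CycloneDX-style JSON SBOM with simple dotted numeric versions; the SBOM contents, package names and advisory identifiers are constructed placeholders.

```python
"""
SBOM-driven dependency check: parse a CycloneDX-style JSON SBOM and flag
components whose version falls inside a known-vulnerable range.
"""
import json
from typing import Dict, List, Tuple

# Constructed sample SBOM in CycloneDX-like JSON. Package names and versions
# are made up for illustration and do not refer to real projects.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-http-client", "version": "2.3.1",
         "purl": "pkg:pypi/example-http-client@2.3.1"},
        {"type": "library", "name": "example-template-engine", "version": "1.9.0",
         "purl": "pkg:pypi/example-template-engine@1.9.0"},
        {"type": "library", "name": "example-json-parser", "version": "4.0.2",
         "purl": "pkg:pypi/example-json-parser@4.0.2"},
    ],
})

# Constructed advisory feed: affected range is [introduced, fixed).
# Advisory ids are placeholders, not real CVE or GHSA identifiers.
ADVISORIES = [
    {"name": "example-http-client", "introduced": "2.0.0",
     "fixed": "2.3.5", "id": "ADV-PLACEHOLDER-001"},
    {"name": "example-json-parser", "introduced": "3.0.0",
     "fixed": "4.0.0", "id": "ADV-PLACEHOLDER-002"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version such as '2.3.1' into a comparable tuple.
    Assumption: plain numeric segments only (no pre-release suffixes)."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed (the usual advisory semantics)."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def load_components(sbom_json: str) -> List[Dict[str, str]]:
    """Extract (name, version) pairs from a CycloneDX-style SBOM document.
    Components lacking a name or version are skipped rather than guessed."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % doc.get("bomFormat"))
    return [
        {"name": comp["name"], "version": comp["version"]}
        for comp in doc.get("components", [])
        if "name" in comp and "version" in comp
    ]


def find_vulnerable(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per (component, advisory) pair whose version is in range."""
    findings = []
    for comp in load_components(sbom_json):
        for adv in advisories:
            if adv["name"] == comp["name"] and is_affected(
                comp["version"], adv["introduced"], adv["fixed"]
            ):
                findings.append({
                    "name": comp["name"],
                    "version": comp["version"],
                    "advisory": adv["id"],
                    "fixed_in": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in find_vulnerable(SAMPLE_SBOM, ADVISORIES):
        print("%(name)s %(version)s affected by %(advisory)s; upgrade to %(fixed_in)s" % finding)
```

Run against the constructed SBOM, only `example-http-client 2.3.1` is reported: it sits inside the advisory's `[2.0.0, 2.3.5)` range, whereas `example-json-parser 4.0.2` is already at or past its `fixed` version. In practice the advisory list would come from a real vulnerability feed and the version comparison would need a library that understands the target ecosystem's versioning scheme; the point here is that an accurate SBOM turns "which of our components are affected?" into a mechanical lookup rather than a guess.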
Bruce Kornfeld, Chief Product Officer at StorMagic
“For retailers, an IT outage during peak times like the lead up to the winter holidays can be a significant setback. It’s the busiest shopping period of the year, especially for brick-and-mortar establishments, and therefore being able to cope with an influx of customers and trust that their IT isn’t going to fail them is crucial. When you’re a retailer with stores at the edge and your corporate IT is hosted from headquarters, hundreds or thousands of miles away, being able to keep your edge systems up and running so stores can keep processing transactions – and generating revenue – is critical.
To ensure this, a particularly effective approach is to implement hyper-converged infrastructure (HCI), which combines storage, computing and networking into a single system on-site. HCI simplifies management and offers built-in benefits that are ideal for handling high-demand events. These systems are often built with robust security in mind, offering integrated encryption, authentication, and compliance features for protection against holiday-season cyberthreats. Their easy scalability allows retailers to adjust resources up or down as needed, so they can expand capacity before the holiday rush without a major infrastructure overhaul and scale down afterward, maximizing cost-effectiveness.
Crucially, HCI also provides integrated redundancy and high availability for workloads, ensuring that if one component fails, another can seamlessly take over to prevent service interruptions. This greatly reduces downtime risks during crucial sales periods, giving retailers peace of mind this holiday season.”