Thales Blog

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

November 21, 2023

Todd Moore | VP Encryption Products, Thales

As global consumers gear up for the much-anticipated shopping bonanza that is Black Friday and Cyber Weekend, retailers brace themselves for the frenzied onslaught of shoppers and the deluge of cyber threats lurking in the shadows. Black Friday and Cyber Monday, both hailed as the epitome of shopping extravagance, are also synonymous with a heightened risk of cyberattacks on retail platforms.

The Retail Cyber Threat Landscape

Time and again, the retail industry has found itself in the crosshairs of cybercriminals. Data breaches in the retail sector illustrate the vulnerabilities inherent to this industry, emphasizing the need for robust cybersecurity measures.

In the evolving digital commerce landscape, the threat to retail cybersecurity has never been more palpable. The Verizon 2023 Data Breach Investigations Report reveals that system intrusion, phishing, and web app attacks are the predominant patterns that enable criminals to steal personal and financial information, including credit card data. This finding not only underscores the vulnerability of the retail sector but also accentuates the financial repercussions of such breaches. The IBM 2023 Cost of a Data Breach Report, for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures.

It becomes, therefore, essential for retailers to consider the fresh insights provided by the Thales 2023 Data Threat Report – Financial Services Edition. Although specifically tailored for the financial services sector, its revelations have profound implications for the retail domain, especially during high-stakes events like Black Friday.

The Human Element: A Double-Edged Sword

Human error, often an overlooked aspect of cybersecurity, emerges as a glaring concern in the report. An astounding 79% of respondents in the financial sector identified it as a significant security threat, with 30% ranking it as their foremost concern.

This is a critical lesson for retailers. Behind every system, software, and security protocol stands a human being. The frenzy of Black Friday sales can lead to oversights, rushed decisions, and mistakes. It is important to ensure that employees are continuously trained, kept aware of new threats, and remain vigilant in detecting and reporting abnormal behavior. Only then can retailers hope to minimize the human-induced vulnerabilities that cybercriminals are all too eager to exploit.

Navigating the Cloud Conundrum

As businesses undergo digital transformations, cloud operations have become the norm rather than the exception. However, the security of data in the cloud is a growing challenge. The Thales report indicates a significant 11% rise from the previous year in businesses finding it complicated to secure cloud data. This jump is linked to the intricacies of managing multi-cloud operations.

For retailers, this poses a two-pronged challenge. Firstly, as they embrace the cloud for agility and scalability, ensuring the security of customer data is non-negotiable. Secondly, the interplay between retail and financial services means that any cracks in the armor of one can expose vulnerabilities in the other. Thus, investing in state-of-the-art cloud security solutions that simplify data protection becomes not just a best practice but an imperative.

The Indispensable Role of End-to-End Encryption in the Age of Mobile Wallets

Mobile wallets and online transactions are now as commonplace as physical cash transactions. The security of our financial data is of paramount importance. Today, using Point-to-Point Encryption (P2PE) isn't just a luxury; it's a necessity.

P2PE provides a holistic shield by utilizing specialized payment terminals to encrypt card data at the very inception of its capture. This ensures that the data is constantly wrapped in a layer of encryption, from the moment it's taken until it reaches the payment gateway.

Now, imagine a cybercriminal successfully penetrating a system, or an insider acting with malicious intent. In the presence of P2PE, even these entities would find themselves staring at encrypted, undecipherable data. The benefits are twofold. Firstly, the obvious one: enhanced security. Secondly, it simplifies the compliance journey for merchants, significantly narrowing the scope of PCI DSS compliance requirements, because systems that only ever handle ciphertext never hold cardholder data in the clear.
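To make the P2PE flow concrete, here is an added walk-through of one card capture from terminal to gateway. It is illustration code, not Thales's product code: the terminal's real cipher and key management (validated hardware, per-transaction keys) are replaced by a stand-in built from the Python standard library (an HMAC-SHA256 keystream with an HMAC integrity tag), and the key, PAN and function names are all constructed for the example. What it shows is the property the text describes: the merchant POS relays the encrypted blob without ever being able to read the PAN, only the gateway recovers it, and any alteration in transit is detected.

```python
"""Toy point-to-point encryption (P2PE) flow: terminal -> merchant POS -> gateway.

Added example, not Thales code. The stream cipher and tag below are a
stdlib stand-in for the terminal's real encryption and key management.
"""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode serves as the PRF-based keystream generator.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(terminal_key: bytes) -> tuple:
    # Derive separate encryption and integrity keys from the terminal key.
    enc_key = hmac.new(terminal_key, b"p2pe-enc", hashlib.sha256).digest()
    mac_key = hmac.new(terminal_key, b"p2pe-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def terminal_encrypt(terminal_key: bytes, pan: str) -> dict:
    """Step 1, inside the payment terminal: encrypt the PAN at the moment of capture."""
    enc_key, mac_key = _subkeys(terminal_key)
    nonce = os.urandom(12)
    plaintext = pan.encode("ascii")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return {"nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def merchant_pos_forward(blob: dict) -> dict:
    """Step 2, merchant POS / store network: relays the blob unchanged. It holds no key."""
    return dict(blob)


def merchant_can_read_pan(blob: dict, pan: str) -> bool:
    """What a compromised merchant system or insider would get: does the PAN appear anywhere?"""
    return pan in json.dumps(blob)


def gateway_decrypt(terminal_key: bytes, blob: dict) -> str:
    """Step 3, payment gateway: the only key holder. Verify the tag first, then decrypt."""
    enc_key, mac_key = _subkeys(terminal_key)
    nonce = bytes.fromhex(blob["nonce"])
    ciphertext = bytes.fromhex(blob["ct"])
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("integrity check failed: blob was altered in transit or wrong key")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return plaintext.decode("ascii")


def run_transaction(terminal_key: bytes, pan: str) -> dict:
    """Walk one capture through all three hops and report what each could see."""
    blob = terminal_encrypt(terminal_key, pan)
    in_transit = merchant_pos_forward(blob)
    return {
        "merchant_sees_pan": merchant_can_read_pan(in_transit, pan),
        "gateway_recovers_pan": gateway_decrypt(terminal_key, in_transit) == pan,
    }


if __name__ == "__main__":
    key = os.urandom(32)            # constructed: would be injected by the terminal key-management process
    test_pan = "4111111111111111"   # constructed, well-known test card number
    print(run_transaction(key, test_pan))
```

The PCI DSS scoping argument follows directly from `merchant_pos_forward`: that hop never needs a key, so the POS, the store network and anyone who compromises them handle only ciphertext. The `hmac.compare_digest` check in the gateway is what turns a tampered or replayed-with-wrong-key blob into a rejected transaction rather than garbage silently passed downstream.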

Beyond understanding the intricacies behind P2PE, there’s a need for a collective action from consumers, governments, and retailers:

  • Consumers: Demand clarity from retailers on how they're safeguarding your data. Penalize those who remain opaque and reward businesses that are transparent about their protective measures. Incorporate personal security best practices, such as two-factor authentication and encryption, in all your online interactions.
  • Governments: Look to global benchmarks. The European Union has built a set of robust regulations addressing data breaches. It's time to escalate and adapt similar, if not stronger, legislative measures globally, ensuring that data protection isn't just a priority, but a mandate.
  • Retailers: Embrace the 'Secure the Breach' mindset. Assume that, at some point, perimeter defenses might fail. This isn't pessimism; it's pragmatism. By acknowledging this, companies can strategize for more effective data protection, fortifying overall security and staying one step ahead of cyber adversaries.

Addressing Mobile Mishaps: Safeguarding Digital Identity When Devices Fail Us

Consumers’ online shopping experience can be damaged not only by breaches but also by unfortunate events. It's an all too familiar scenario for many: that feeling as your mobile phone slips from your hands and crashes to the ground, the screen now a spiderweb of shattered glass. Or, perhaps, that heart-stopping moment of realization that your phone is missing—possibly stolen. Today, our mobile devices serve not just as communication tools but also as gatekeepers to our digital identities, especially with the rise of mobile-based multi-factor authentication (MFA). But what happens when these devices are suddenly inaccessible?

For those who rely on their mobiles for MFA, a damaged or lost phone can feel like being locked out of your digital home. Panic can exacerbate the situation. Instead of panicking, consider the following proactive steps:

  • Backup authentication methods: Always have a secondary method of MFA. This could be in the form of backup codes provided by the platform, an authentication app accessible from another device, or even a secondary phone number.
  • Emergency contacts: List critical accounts (like banking or work-related platforms) and their customer service numbers. In case of a lost phone, promptly informing these services can prevent unauthorized access.
  • Quick action for lost phones: If your phone is lost or stolen, tools like "Find My iPhone" for Apple devices or "Find My Device" for Android can help locate or remotely wipe your phone, protecting your data from prying eyes.
  • Immediate reporting: When you suspect your phone is stolen, inform your bank or payment app providers. They can temporarily freeze contactless payment capabilities or monitor for suspicious activities.

Black Friday and Cyber Weekend, while being opportunities for unprecedented sales and revenue, also present substantial cybersecurity challenges. To understand the evolving threat landscape associated with financial transactions and entities, and to learn how Thales can help improve security for your retail organization, download the Thales 2023 Data Threat Report – Financial Services Edition.