Lock, stock, and barrel: Protecting data systems for Black Friday, Cyber Monday

Retailers are working round the clock to ensure their data systems are safe and secure during the upcoming Black Friday and Cyber Monday sales period.
22 November 2021

As retailers prepare for the biggest sales period of the year, ensuring their data systems are securely patched and updated is not the only thing they have to worry about this time around. While cybersecurity concerns continue to be an issue, most retailers would likely have updated their data systems to support the heavy online shopping spree during the upcoming Black Friday and Cyber Monday sales.

However, the bigger concern for retailers this year is whether they can get their products to customers on time. The global supply chain crisis has already resulted in multiple product delays, especially for tech-related products. In fact, Reuters reported purchasing managers saying that delivery times for manufactures were deteriorating worldwide, with the global delivery time index down to 34.8 last month, meaning longer deliveries.

According to Tom Callahan, Director of Operations, MDR, at PDI Software, consumers have been hearing about potential issues with retail and delivery supply chains. Although there are a lot of reasons why certain products might not be on store shelves or deliveries might be delayed, one reason retailers can’t overlook is cybersecurity.

“Because the retail supply chain is increasingly digital and interconnected, the entire chain can quickly be impacted by a single cyberattack on one company along the chain. For instance, we’re now seeing what used to be simply ransomware attacks turning into extortionware attacks.

“If a business gets breached and decides not to pay the ransom to get their data back, cybercriminals are now using that data to extort not only the business but the customers and partners of that business as well. As a result, the blast radius of a cyberattack can escalate very quickly across a wide footprint. That has the potential to completely disrupt the retail supply chain,” said Callahan.

Black Friday sale for cybercriminals

Although the 2020 holiday season broke records, Salesforce predicts online sales will grow by about 7% around the globe and 10% in the US alone. Online shoppers are expected to spend about US$259 billion in the US, and US$1.2 trillion globally, just in November and December.

At the same time, with omnichannel experiences and a myriad of payment methods available to shoppers, the seamless sales opportunities will only have shoppers clicking away to spend more during the sales season. And this is exactly why cybersecurity experts are worried.

According to Surya Varanasi, CTO at StorCentric, “while there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue and personally identifiable information (PII) to protect, as well as the deepest pockets to pay. Our advice to these retail IT executives is to put aside traditional strategies and instead take their data protection and security to the next level — from basic to unbreakable.”

For cybercriminals, the Black Friday and Cyber Monday sales period makes the perfect opportunity to strike the mother lode of cyber breaches. Knowing that retailers will have weaknesses and vulnerabilities in their systems during these frenetic sales traffic periods, bad actors will just be waiting to pounce.

A recent example would be the Costco data breach. While the breach itself did not affect any internal data systems, cybercriminals were able to get access to customer data by skimming a credit card machine. Reports showed that five card-skimming devices were uncovered by employees during inspections.

Data systems backup and recovery

For data systems to remain secure and available, Varanasi explains that an unbreakable backup solution overcomes today’s most common cybercriminal strategy, which is to attack the backup first, and then come after the production data and operations. In this way, the retail IT executive loses their backup plan and is at the mercy of the ransomware demands.

“Unbreakable Backup creates an immutable copy of the data which cannot be deleted, corrupted, or changed in any way. And it can do so for copies kept onsite, remotely, and in the cloud. Then, it takes the admin keys and stores them in another location entirely — hidden from cybercriminals or even an insider threat. Once done, retail IT executives can rededicate their time to activities that ensure the optimum customer experience and premium sales, as well as safe, efficient, and cost-effective back-office operations,” commented Varanasi.

Echoing Varanasi’s views is Don Boxley, the CEO and co-founder of DH2i. He believes that data and systems updates, availability, and security will play crucial roles in determining the success or failure of Black Friday and Cyber Monday for retailers in 2021. This is because consumers are savvier than ever and know that should a retailer’s onsite or online systems go down, the nearest competitor is only a few steps or clicks away. And unfortunately, Boxley believes this exodus may be permanent, especially if the security of customer data, or PII, was compromised.

“On Black Friday, Cyber Monday, and all year long, retailers must deploy smart availability solutions that offer far more capability than just combatting unplanned outages,” highlighted Boxley. “The ideal high availability (HA) solution must deliver an all-inclusive approach for optimization of the retailer’s entire environment. It must ensure both planned and unplanned downtime is kept to near zero while improving (not complicating as some solutions do) the management experience and lowering overall HA expense.”

Likewise, Boxley pointed out that retailers must free themselves from outdated and highly vulnerable security solutions, like VPNs, and instead employ a modern data security approach, like a software-defined perimeter (SDP). SDP provides users with application-level segmentation versus access to the entire network. In doing so, the overall potential attack surface is minimized, a Zero Trust implementation can be achieved, and the greatest possible level of data security can be ensured.

With that said, retailers will have a lot on their hands throughout the busiest sales period in the US and Europe. Hopefully, businesses have taken all the necessary steps to ensure their data systems are safe and secure, giving peace of mind to both retailers and consumers.