Peak Season 2020: Stay secure this Black Friday

14 September 2020 by Laura Valentine

What do you get when you cross the biggest shopping day of the year with a year that’s already seen a record-breaking number of cyber-attacks? Over the last few years, the retail industry has experienced a growing number of increasingly damaging attacks and breaches during the peak period of Black Friday, Cyber Monday and the run up to Christmas.  

This year especially, retailers can’t afford to let cybercrime eat into profits. With the pandemic proving to be the ideal breeding ground for hacks, data breaches and phishing scams, the risk seems greater than ever. For eCommerce retailers already trying to plan for an unprecedented peak season, the potential for a catastrophic security incident is yet another factor to consider – and it’s a vital factor to not overlook.  

What’s the problem? 

The flurry of online activity that comes with the festive season is simply too tempting of an opportunity for cybercriminals. There’s a lot at stake for retailers as they compete for market share and attempt to snag their cut of the peak–season spending. Cybercriminals know this, and they have no hesitation in using it to their advantage.  

According to Verizon’s 2020 Data Breach Investigations Report, 86% of all breaches are financially motivated – and a breach over the festive period can result in a big pay packet for hackers. Downtime during this season is unthinkable for any eCommerce business, and cybercriminals will happily exploit this using ransomware and DDoS attacks. Either by holding data hostage or taking a website offline until a fee is paid, hackers make sure they get their unfair share of the peak profits.  

A competitive edge 

It’s not just those out for financial gain you need to worry about, however. In 2019, 25% of data breaches were motivated by the potential to gain strategic advantage. Distributed denial of service (DDoS) attacks are predominantly the weapon of choice for those wishing to overwhelm the servers of their competition. While the competitor’s site is offline or running slowly, customers are forced to look elsewhere for a good deal.  

It’s not just brands touting similar goods that turn to DDoS attacks over peak though – political activists also choose this period to make an anti-consumerist stand. Hacktivists have been known to attempt to take sites offline to impact profits or cause reputational damage.  

Common types of attack 

In 2019, the US saw 129.3 million malware attacks between 25th November and 2nd December – a 63% increase on the same period in 2018. Whether seeking to harvest data to sell on the dark web or attempting to trick customers into shopping on a spoof site, attacks are becoming more frequent and more sophisticated. 

Social engineering attacks are also on the rise. Cybercriminals are targeting business emails and employees’ social media in an attempt to gain access to internal systems and accounts. From there, they can exploit customers directly, while masquerading as a legitimate member of your business.  

What’s at risk? 

Understandably, this puts more than just your profits in danger. Any public knowledge that your business has fallen victim to a cyber-attack comes with huge risk to your brand reputation. Consumers are increasingly aware of the importance of data protection and the responsibility of retailers to protect their personal information. A breach that exposes or steals their data is therefore bound to affect their brand confidence.  

According to a study by KPMG, 19% of consumers said they would completely stop shopping somewhere following a breach. Similarly, 33% said they would take an extended break from that retailer if they fell victim to a hacker. When you factor in any new custom that could potentially be missed as a result of bad press or reputational damage, the financial repercussions can feel long-lasting.   

On top of this, there are other financial repercussions to consider: 

• Every second of downtime costs money. If hackers successfully take your site offline during the peak period, you miss out on sales.  
• Even if the hack only slows your site down it can be costly. Every one–second delay translates to a 7% loss in conversions.  
• If data is stolen, you risk being in breach of the GDPR. This can result in penalties of up to €20 million or 4% of your annual global turnover, whichever is higher. 

How to keep your eCommerce site secure 

Follow our top tips to bolster your security in time for peak season 2020: 

• Thoroughly audit your site, making sure patches are up to date to minimise vulnerabilities.  
• Make sure you have updated antivirus software installed and firewalls to help filter out malicious traffic. 
• Consider investing in dedicated DDoS protection like DDoSx® to keep your site online during an attack.  
• Have a disaster recovery (DR) plan in place. If your site goes down, a disaster recovery as a service (DRaaS) solution will minimise downtime and data loss.  
• Ensure your security solutions help you meet and maintain GDPR and PCI DSS compliance.  
• Invest in employee training, educating colleagues on how to spot phishing scams and avoid social engineering attacks. 

A robust threat detection and response solution goes a long way towards keeping your eCommerce website safe, not just for Black Friday but all year round. Make sure your site is secure this year, to protect your profits when it matters most.