Black Friday and Cyber Monday (BFCM), the year’s two most important ecommerce events, is the time when online store owners and retailers can launch a variety of promotional sales, boost revenues and acquire new customers.
Every year, millions of online shoppers visit online stores worldwide to check for the latest Black Friday and Cyber Monday deals. For ecommerce businesses, these two unofficial holidays signal the official start of the long and much-awaited holiday shopping season, offering the chance to showcase their latest products and services in the market.
With millions of people expected to shop online this year due to the COVID-19 pandemic and travel restrictions, this extends the threat surface and created the perfect environment for cybercriminals and malicious actors to launch scams and other cybercrimes activities.
According to the recently-published State of Ransomware in Retail 2021 report by cybersecurity firm Sophos, approximately 44 percent of retail organizations/ecommerce businesses were hit by a ransomware attack in 2020 alone. The latest Sophos research also indicated that 32 percent of online retailers/ecommerce businesses, whose data was encrypted, have decided to pay the ransom money to get their data back. The report also detailed that the average ransom payment made by companies was $147,811, which is much lower than the global average of $170,404.
So how to secure your online business? First, you need to be smart and extra cautious when checking emails. You need to harden security defenses and take a look at those security vulnerabilities that could be easily exploited during busy shopping events. Always monitor network traffic, review the firewall systems, keep firmware fully updated and check if all electronic devices are fully up-to-date with the latest cybersecurity software.
And finally, we got some big advice from IT experts here. Industry leaders offer readers some tips to secure their businesses during the busy Black Friday and Cyber Monday events.
Surya Varanasi, CTO, StorCentric:
“According to Salesforce, the 2020 holiday season broke records and online sales in 2021 are expected to continue to surge. Salesforce predicts ‘online sales will continue to grow, up to 10% in the U.S. and 7% around the globe. Put another way, between November and December, online shoppers will spend $259B in the U.S. and $1.2T globally. And thanks to better omnichannel experiences, you can expect shoppers to keep clicking ‘add to cart even past the shipping cutoff.’ While there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue, and PII to protect, as well as the deepest pockets to pay.
Our advice to these retail IT executives is to put aside traditional strategies and instead take their data protection and security to the next level — from basic to unbreakable. An Unbreakable Backup solution overcomes today’s most common cybercriminal strategy, which is to attack the backup first, and then come after the production data and operations. In this way, the retail IT executive loses their backup plan — excuse the pun — and is at the mercy of the ransomware demands. Instead, Unbreakable Backup creates an immutable copy of the data which cannot be deleted, corrupted, or changed in any way. And it can do so for copies kept onsite, remotely, and in the cloud. Then, it takes the admin keys and stores them in another location entirely — hidden from cybercriminals or even an insider threat. Once done, retail IT executives can rededicate their time to activities that ensure the optimum customer experience and premium sales, as well as safe, efficient, and cost-effective back-office operations.”
JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company:
“Today’s mid-to-enterprise class retail organizations manage complex IT operations that depend upon numerous technologies, distributed across the HQ datacenter and each remote location, to provide customer-facing and back-office functionalities. This creates a vast attack surface for the would-be cybercriminal that only needs to be right one time to get in, versus the data center management team that must be right every time, every day, in every way. Today, it is not a matter of ‘if’ ransomware will get in, rather a question of ‘when?’
Consequently, while prevention and detection are critical, today’s top priority must be the recovery piece. Retail IT executives should choose a data backup solution that provides broad heterogeneous platform and app support. It should ensure automated backup protection across the entire IT environment from the central data center to remote offices to the edge and into the cloud. This feature is particularly important to retail organizations with numerous remote stores, which oftentimes do not have onsite IT expertise to ensure data and operations security and protection. Next, the backup solution must auto-verify the backup process. It should check each file in its entirety to make sure files match across all environments, which consequently ensures the ability to recover in the event of an outage, disaster, or cyber-attack. And this one’s a deal-breaker — at least one backup must be immutable, unable to be deleted, corrupted, or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.”
Don Boxley, CEO, and Co-Founder of DH2i:
“Data and systems uptime, availability, and security will play crucial roles in determining the success or failure of Black Friday and Cyber Monday for retailers in 2021. This is because consumers are savvier than ever and know that should your onsite or online systems go down, your nearest competitor is only a few steps or clicks away. And unfortunately, this exodus may be permanent. Especially if the security of customer data, or PII, was compromised.
On Black Friday, Cyber Monday, and all year long, retailers must deploy smart availability solutions that offer far more capability than just combatting unplanned outages. The ideal high availability (HA) solution must deliver an all-inclusive approach for optimization of the retailer’s entire environment. It must ensure both planned and unplanned downtime is kept to near zero while improving (not complicating as some solutions do) the management experience and lowering overall HA expense. Likewise, retailers must free themselves from outdated and highly vulnerable security solutions — like VPNs, and instead employ a modern data security approach — like a software-defined perimeter (SDP). SDP provides users with application-level segmentation versus access to the entire network. In doing so, the overall potential attack surface is minimized, a Zero Trust implementation can be achieved, and the greatest possible level of data security can be ensured.
With data and systems uptime, availability and security assured, retail IT executives can refocus their time and energy instead on activities that ensure optimum customer and employee experiences, increased sales, and a boost to the bottom-line.”
Tom Callahan, Director of Operations, MDR, at PDI Software:
“Leading up to Black Friday and Cyber Monday, consumers have been hearing about potential issues with retail and delivery supply chains. Although there are a lot of reasons why certain products might not be on store shelves or deliveries might be delayed, one reason we can’t overlook is cybersecurity.
Because the retail supply chain is increasingly digital and interconnected, the entire chain can quickly be impacted by a single cyberattack on one company along the chain. For instance, we’re now seeing what used to be simply ransomware attacks turning into extortionware attacks.
If a business gets breached and decides not to pay the ransom to get their data back, cybercriminals are now using that data to extort not only the business but the customers and partners of that business as well. As a result, the blast radius of a cyberattack can escalate very quickly across a wide footprint. That has the potential to completely disrupt the retail supply chain.”
To guard against that, companies need to follow their established security best practices and maintain vigilance. But they must also be wary of how interwoven their supply chains are. They must be able to protect sensitive data and maintain secure access points as they interact with other businesses through the cloud.”
The CODE Warrior 