The biggest online shopping period of the year is fast approaching: Cyber Week. Think of it as the Super Bowl for online retailers. Beginning on Cyber Monday and ending the following Friday, this year’s Cyber Week is expected to generate a record $730 billion in revenue, according to the National Retail Federation. With the influx of online shoppers, digital payments and credit card data, the biggest shopping week of the year can also mean opportunities for malicious actors and criminal activity.
In fact, according to our Security Model Index data (a framework that aggregates data across large enterprises, offering visibility into security programs), retailers face a 13 percent increase in attack attempts during Cyber Week compared to the rest of the year. ReliaQuest analyzed data from online retail customers during last year’s Cyber Week, which revealed the unique nature of threats that retailers face during this week of online shopping. However, there are several tips and best practices chief information security officers (CISOs) can implement to ensure their technology, processes and teams are prepared for the onslaught of shoppers and potential bad actors alike this holiday season:
- Complete scanning, patching and updating ASAP. Many retailers’ highest revenue rates occur in Q4 as a result of holiday shopping; for some, this boost can account for a significant percentage of annual revenue. To ensure systems provide the best possible shopping experience, retail IT teams often put software systems on a change freeze. Because rates of attack attempts spike for retailers during the holiday shopping season, it’s imperative to patch known vulnerabilities ahead of time, before that freeze takes effect.
- Increase security awareness with training or enhanced monitoring. The human element may always be the weakest link in security, but training leads to better security outcomes. Before retailers’ highest-risk season, CISOs should train staff to recognize and protect against the most likely attacks. Enhanced monitoring will also improve the ability of retail security teams to halt suspicious activity. In fact, last year, retailers saw a 23 percent increase in confirmed malicious activity, or “true positives,” during Cyber Week, according to our data. With more legitimate threats, basics like training and monitoring should be among the first efforts towards Cyber Week security.
- Boost web app security. Historically, web application security has been the weakest point of security for retailers. It’s also the vector most targeted by attackers and where most breaches originate. Applications are retailers’ bread and butter — they’re a key element enabling retailers to provide consistent experiences for omnichannel shoppers, which nearly every consumer today expects, and every retail CIO supports. Retailers can also deploy detection technology to catch suspicious activity, and as a fail-safe, use two-step security controls for customers, as well as Database Activity Monitoring (DAM) and Web Application Firewalls (WAF) to ensure customer credentials are protected and valid. If retail CISOs had to choose one area to double down on security for Cyber Week, it should be web apps.
- Train shipping managers and call-center staff. Behind every online purchase, retailers deploy a number of teams at discrete points of the purchase process — from call centers to shipping fulfillment managers — to get products to customers. These teams haven’t traditionally been trained to be on the lookout for fraud, and as a result they’re easily manipulated. I’ve seen attackers reroute shipping to a new address after the purchase is validated, bad actors dupe a helpdesk support staffer into resetting account passwords to steal credit card details, and malicious users place orders with a stolen credit card then route shipping to a new address. Both call-center staff and shipping managers should be properly trained to notice these types of red flags.
Malicious actors are becoming more sophisticated and calculated, causing retail CISOs to engage in a perpetual game of cat and mouse. The holiday season presents a prime opportunity for hackers to take advantage of retailers focused on handling high volumes of transactions and crowds of shoppers who are looking for deals. This is the time of year that retailers need to be most vigilant to ensure they, too, enjoy a happy holiday season and retain the profits they worked so hard to earn.
Joe Partlow is the chief technology officer of ReliaQuest, a company fortifying the world’s most trusted brands against cyber threats with GreyMatter, our platform for proactive security model management.
Joe Partlow is chief technology officer at ReliaQuest, a cybersecurity provider which helps some of the world’s largest retailers, like Abercrombie & Fitch, secure their systems.