Cyber crime is causing more chaos than ever, and it looms large for small business owners as Black Friday and Cyber Monday approach, posing an enormous challenge to their online operations.
Retailers must protect themselves ― and their customers ― by being proactive about spotting scams, limiting the damage, and recovering quickly from any possible attack.
Black Friday kicks off the busiest retail season of the year, a stretch that’s both a major financial boon for retailers ― and a big opportunity for malicious cyber threats to strike. And strike they will. Taken as a whole, Black Friday and Cyber Monday are the World Cup for online commerce and cyber criminality.
The business ramifications of the big shopping weekend are massive: last year shoppers spent $10.8 billion on Cyber Monday, shattering the previous year’s record of $9.4 billion, making it the single largest day for online sales in U.S. history. Black Friday was a bonanza as well, with $9 billion being spent online, a nearly 22% jump from the previous year.
Online shopping as a whole continues its dramatic upward trajectory. According to Statista, global retail e-commerce sales will hit $4.89 trillion in 2021, and there’s no slowdown in sight: by 2024 global e-commerce sales are projected to reach $6.38 trillion.
Cyber Monday and Black Friday scams
Unfortunately, this remarkable growth in online retail comes with matching risk: cyber crime.
Online fraud, cyberattacks, and data breaches plague industries around the globe, powered by ever-evolving strategies designed to avoid detection and maximize disruption and payoff. Despite growing cybersecurity vigilance, attacks are on the rise and figure to reach another level during Black Friday and Cyber Monday.
Here are common ― and some less well known ― forms of cyberattacks that retailers must be aware of:
- Phishing: A hacking scheme that fools users into sharing sensitive information by disguising malicious links in legitimate-looking emails, attachments, and logos.
- Malware: Software covering a variety of cyber threats, such as viruses and trojans. Malware infects a device or network and intentionally damages that system by accessing sensitive information.
- Ransomware: This increasingly common form of cyber blackmail encrypts company data so that it is completely inaccessible, forcing the company to pay a ransom to regain control over it.
- Magecart/E-Skimming: Growing in frequency, this brand of malware infects online checkout pages to steal personal information of shoppers.
- Third-party vendors: With multiple vendors providing support for online sales, their relative weakness in security can be a point of vulnerability for cybercriminals to exploit.
- Open-source software vulnerabilities: Code that anyone can view, modify, and augment is hugely valuable to e-commerce businesses, but if vulnerabilities exist in that code it’s a dangerous problem that can lead to massive data breaches.
- APT as a service: Advanced persistent threat groups that have traditionally been associated with politically motivated, state-sponsored actions are now being hired to attack retail verticals that were previously untouched. These hackers-for-hire can overwhelm small business security operations with sophisticated techniques that have not been planned for.
Small businesses attacked by cybercriminals
While major online retailers have certainly been hit hard in the past decade (think Target, Home Depot, and eBay to name a few), it’s smaller businesses that are most vulnerable to the devastating impact of an online attack.
43% of online attacks were aimed at small businesses in 2019, at an average cost of $200,000. That type of damage cannot be sustained by most businesses, and the result is crushing: according to Vox, 60% of small businesses that suffer a cyber attack go out of business within 6 months.
Governments take notice too. For example, the U.S. Congress in July of 2021 reviewed the cyber attack burden on small businesses, specifically ransomware.
Yet too many retailers are unprepared to handle an attack. According to a recent survey, only 28% of small business owners had a plan in place in case of a cyber attack; almost half (42%) had no plan at all.
Retail cybersecurity tips
So what steps can small businesses take as the World Cup of Cybercrime approaches?
- Implement zero trust: Enforcing zero-trust solutions is essential. It restricts third-party access to the information the website has authorised and blocks access to consumers’ private and payment information.
- View your site as a customer: It’s important to keep tabs on how your website appears to customers themselves and not focus solely on the server side. Viewing it from the browser perspective can help spot issues that may signal a compromised site.
- Train your staff: The single biggest cause of a cyber attack is human error. Clicking on a bad link, not recognizing a suspect email attachment, sloppy or unattuned digital awareness: all of these can lead to disaster. Prepare staff by reviewing up-to-date threats, scenarios and recovery plans.
- Back up your data: If you have sufficiently backed up your company's sensitive data, you will be less vulnerable to the pressure of having to pay a ransom in the event of a ransomware attack.
- Reduce software supply chain risk: The prevalence of third-party vendor systems is a security challenge that must be addressed. Closely monitor and manage the configuration of any assets or information accessed by third-party vendors, and implement a secure development lifecycle to make sure vendors are applying security controls and following secure coding practices.
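As an added example (not part of the original article), here is one way to act on the "view your site as a customer" and supply chain tips: audit the checkout page's HTML, as the browser receives it, for scripts and form targets outside an approved vendor list, which is where e-skimming code typically shows up. All hosts, the sample page, and the names `audit_checkout` and `SAMPLE_CHECKOUT` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of a checkout page; all hosts are hypothetical.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://pay.vendor.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.vendor.example/analytics.js"></script>
<script src="https://stats-collect.example.net/t.js"></script>
</head><body>
<form action="https://shop.example/checkout/submit" method="post"></form>
</body></html>
"""

class _Collector(HTMLParser):
    """Records every script source and form target in the page."""
    def __init__(self):
        super().__init__()
        self.items = []  # (tag, url, has_integrity)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.items.append((tag, a["src"], bool(a.get("integrity"))))
        elif tag == "form" and a.get("action"):
            self.items.append((tag, a["action"], False))

def audit_checkout(html, page_url, allowed_hosts):
    """Return (url, finding) pairs for third-party resources needing review."""
    own_host = urlparse(page_url).hostname
    collector = _Collector()
    collector.feed(html)
    findings = []
    for tag, raw, has_integrity in collector.items:
        url = urljoin(page_url, raw)           # resolve relative paths
        host = urlparse(url).hostname
        if host == own_host:
            continue                            # first-party resource
        if host not in allowed_hosts:
            findings.append((url, f"{tag} host not on vendor allowlist"))
        elif tag == "script" and not has_integrity:
            findings.append((url, "approved vendor script without SRI hash"))
    return findings

if __name__ == "__main__":
    approved = {"pay.vendor.example", "cdn.vendor.example"}
    for url, finding in audit_checkout(SAMPLE_CHECKOUT, "https://shop.example/checkout", approved):
        print(f"{finding}: {url}")
```

Run it against the page as served to a shopper, not the template on the server, and compare the findings between runs: a new host appearing on the checkout page is the signal to investigate.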
The current threat landscape poses extreme risk to every business, no matter the size or vertical. This should force small business retailers to commit to, and stay aware of, the relevant protections that can help them fend off a cyber attack.
The cost of not being prepared could be the loss of the business itself. And everyone wants to win and take home the World Cup trophy.