The Cyber Threats Facing Retailers This Holiday Shopping Season

With supply chain delays and an online shopping boom, attacks will come from multiple angles.

Dave Cronin, VP, Cyber Strategy Lead at Capgemini Americas

December 1, 2021

3 Min Read
Keyboard with a present in place of key
Source: LightField Studios Inc. via Alamy Stock Photo

Retailers prepare for an influx of both in-store and online shoppers every holiday season. But something that will differentiate this holiday shopping season — and is currently raising concerns across the retail industry — is a lack of inventory. With 77% of the world's ports experiencing abnormally long turnaround times, global supply chain delays mean many of the products in high demand still aren't available — and they likely won't make it to the stores, or even the distribution warehouses, in time. Add on the fact that retailers have been struggling to forecast their deliveries and stock, and the combination results in an inaccurate grasp of the amount of available inventory.

Managing the chaos of holiday shopping is hectic enough for cybersecurity teams during normal times, but these supply chain challenges are unprecedented and will create an even greater distraction. Distractions, in many ways, are a hacker's best friend — they create opportunities to disguise intentions, infiltrate networks undetected, and steal valuable information.

Given these unique circumstances of supply shortages and delivery delays, what cyber threats will retailers face during this year's holiday shopping? Here are three scenarios security teams should prepare for.

1. Stress on Payment and Control Systems
With a strapped delivery and distribution network leading to less physical items available for immediate sale, purchases for gift cards and store credits are likely to increase. In response to this trend, security teams will need to keep payment collection systems protected against fraud, enhancing the defenses on all systems to catch and stop the use of fraudulently made cards. Retail organizations should implement new, stronger access controls — especially on their payment systems — while leveraging microsegmentation to isolate from their internal IT systems, which are prime ransomware targets. The functionality of payment systems is critical, especially for retailers around the holidays. If you can't accept a payment, then you're out of business.

2. Online Traffic Overload
Just like in physical stores, traffic surges on company websites during busy shopping seasons — and the holidays are no exception. With the pandemic shifting many consumers' buying behaviors, online shopping continues to gain momentum. As a result, retailers should be prepared for their security systems to be overloaded, with massive online traffic volumes likely to exceed years past. Such overloads can lead to crashes and operational concerns, and in a sea of data and newly created events, attackers are much more difficult to detect — anomalies blend in where visibility is lacking. Retailers should expect hackers to run distributed denial-of-service (DDoS) attacks against them during peak shopping times, when a smaller amount of DDoS traffic is required to be disruptive to their online operations.

3. Phishing and Spoofing Spikes
Retailers distracted by more customers, staffing shortages, and supply chain challenges — and shoppers overwhelmed by the stress of the holiday season — will be more susceptible to spoofing and phishing attempts. Adversaries use these opportunities to create spoof websites, redirections, false webpages asking for credit card information, and phishing activity disguised as an email from a retailer. Security teams and shoppers alike need to be prepared for these tactics to increase in the coming months. Retailers should review their websites before the holiday season to assess their vulnerability to malware that could execute URL redirect attacks. To prevent such attacks, they can make sure all site plug-ins and Web application firewalls are up to date, and that access to both is secure.

There are many considerations during this busy time of year, but retailers must prioritize cybersecurity. With an increased dependence on websites, digital transactions, and online connectivity, a cyberattack could shut down a company's entire operation — affecting its ability to earn revenue and effectively serve customers, but most importantly, putting customer and company data at risk. By focusing on protecting payment and control systems, ensuring servers can meet the demand from online traffic surges, and educating employees and customers about what phishing and spoofing signs to look for, retailers can prevent cyber threats from adding even more chaos to an already hectic time.

About the Author(s)

Dave Cronin

VP, Cyber Strategy Lead at Capgemini Americas

Dave Cronin is VP and Cyber Strategy Lead at Capgemini Americas. He leads Capgemini's Cyber Center of Excellence (COE) and is also responsible for professional services development and execution, competitive positioning, thought leadership, and technology partnerships. His expertise includes a solid balance of technical, information security, compliance, and product management skills. Dave has more than 25 years of experience in IT/OT, network security, consulting services, and brings client needs to the forefront of an engagement.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights