Cyber Monday Begets Cybercrimes: Here’s How Retailers Can Protect Themselves


The final lap in the Thanksgiving holiday shopping relay is here. Cyber Monday is an occasion when eager revellers take a break from their Thanksgiving weekend food comas to shop for the best holiday bargains. Although it began on shaky ground, Cyber Monday has proved that it has the ability to pull in massive holiday sales figures. Moreover, since it is now far easier to shop at home and on the go, smartphones have unsurprisingly emerged as a Cyber Monday favorite for consumers looking to score the best Cyber Monday deals.

Cyber Monday sends online sales soaring

Since the evolution of on-the-go net browsing and disruptive smartphones, holiday season shopping has evolved immensely. Today, much of the demand for consumer spending comes from e-commerce channels rather than the traditional brick-and-mortar stores; the world of ‘bricks’ is now the world powered by ‘clicks.’

Cyber Monday, when retailers traditionally roll out a raft of digital sales, has become so popular that in 2016, the National Retail Federation (NRF) reported that Cyber Monday buyers spent an astonishing $3.5 billion, with mobile sales amounting to $1.22 billion of this windfall, making it the biggest shopping day in U.S. e-commerce history.

Nearly 40% of Black Friday and Cyber Monday 2016 sales were made on a mobile phone, and this is on track to occur again on Cyber Monday 2017, with mobile remaining the most-preferred platform of the shopping-frenzied weekend.

Increasing online sales attracts cyber threats

Cyber Monday has undoubtedly become one of the prime online shopping days of the year, as well as a time when there are more focussed discussions about cyberspace and cyber reality.

There are two aspects to the seemingly endless potential of cyber reality. While digitalization and globalization have opened up new opportunities for customers and organizations to obtain information and conduct business, the increasing number of users and the growing volume of data on digital platforms, in the cloud and across networks have also created potential avenues for criminal attacks.

Cybercrime, the catch-all term for an ever-expanding variety of digital assaults, from malware to theft of personal data to distributed denial-of-service (DDoS) attacks, is becoming increasingly common, more complex and infinitely more disruptive. Crime never sleeps, and criminals are always improving their level of sophistication and exploring new opportunities to plunder. Cyber Monday is particularly ripe for these types of shenanigans, as billions of Americans log in from all over the country to browse and make their purchases.

Retailers are on high alert. U.S. government agencies and companies detected a record-breaking 1,093 data breaches in 2016, up 40% year over year, and all evidence suggests that more digital attacks are coming in 2017. One in three retailers have already suffered revenue losses because of cyber attacks, and retail establishments perceive targeted attacks as the most extreme risk faced by their business, according to the Cisco 2017 Annual Cybersecurity Report.

Though hacking is not responsible for the shutdown of most e-commerce websites, an ordinary onslaught of consumer traffic caused the online operations of Target, the second-largest discount retailer in the U.S., and Neiman Marcus, an American omnichannel fashion retailer, to buckle last year. The threat is no doubt adding to retailers’ concern at a time when online sales are proving to be a highly lucrative growth area.

As per the analysts at Technavio, “this year’s holiday season will likely witness a carry-over of the tactics, techniques, and procedures employed by cyber-attackers with varying degrees of intensity and some bold innovation.”

How can retailers protect themselves from cyber threats?

Whether it’s by leveraging compromised user accounts to commit refund fraud or by demanding payments to end denial-of-service attacks, malicious hackers are sure to exploit retail system vulnerabilities this year, just as they have in the past several years. Here are a few technological changes retailers need to make to stay safe this Cyber Monday:

1) Effective network segmentation

Segmentation is a tried-and-trusted network security approach that has been around since the dawn of IT. It is a significant project, but with security and IT teams often juggling competing priorities, it has not been a unanimous favorite. Today, however, the increase in the scope and scale of cyber-attacks is changing the outlook towards network segmentation, which is a proven deterrent for hackers, especially during the holiday season.

Consequently, network segmentation is increasingly being employed as a form of active defense-in-depth strategy. From simplifying network management to minimizing the effort of security audits and providing a strong level of protection for critical server applications, the process of splitting a network into several “sub-networks” can strengthen retail cybersecurity defenses and even boost overall performance.

2) Improve domain and network security

While framing cybersecurity policies, an online retailer should not overlook domain and network security (DNS). What we often see is a retail website exposing its administrative portal through poorly configured website domains and content management systems (CMS), which eventually allows hackers an entry into the mainframe.

In the absence of DNS security solutions or preventive policies on network behavior, DNS will only do what it is designed to do: make connections. Creative hackers understand that there are many ways to leverage DNS for their own benefit. Therefore, it is always prudent for retailers to invest in the high-quality DNS offered by top IT and cybersecurity companies, as cheaper is not always better in this space.

3) Establish strong passwords and policies

The single most significant remedial step an organization can take to secure its infrastructure is to ensure all identities, including customers, partners, employees and particularly machines, are correctly authenticated. This sounds simple, but it is very challenging to break the dependence on passwords, which are the present-day champion of authentication.

Often, vulnerabilities are created when employees do not change their username and password from the default login information that is initially given to them, thereby creating opportunities for hackers and putting retailers at risk. Even if retailers expose their administrative portal by accident, cyber criminals will still be prompted for login information. However, if default credentials are not changed, hackers can quickly obtain login information through the standard CMS program and often gain complete access to the portal.

Retailers ought to begin by ensuring that they implement strong password policies, which require employees to create multi-factor login credentials and to change that information every so often. A stitch in time saves nine, doesn’t it?