The holiday season is right around the corner, and the shopping spree has already begun. However, the onset of the global pandemic accelerated digital transformation for many retailers. Consumers prefer to shop online instead of visiting stores. The intuitiveness and simplicity of online shopping enable the user to find the perfect gift easily and avoid large crowds. Thus, retailers must prepare their systems to handle the surge in network traffic and perform routine security patches.

Cybercriminals gear up during the holiday season. This sudden shift to e-commerce has made it easier for cybercriminals to target unsuspecting shoppers through fraudulent messages. In addition, they target vulnerable computers and unprotected devices and intercept insecure transactions.

A recent study conducted by McAfee analyzed the changing behavior of online shoppers in today’s evolving cyber threat landscape. The study highlighted some of the most critical risks impacting e-commerce consumers:

• A 49% increase in online shopping of 49% among Americans since the pandemic began
• 36% of respondents plan to complete their holiday shopping online
• 74% of consumers between the ages of 18 and 25 do not check the authenticity of gift cards
• Only 37% of respondents were aware of cyberattacks and associated risks

Risks of Online Shopping during the Holiday Season

As the volume of online sales increases, so too does the number of cyberattacks against online retailers. In previous years, hackers have placed malicious code on the retailers’ websites to capture sensitive data on consumers—names, addresses, credit card numbers, and more. And although people are more aware of cyberattacks and more adept at spotting online scams, they often fall victim to the barrage of cyberattacks during the holiday season.

Adobe Digital Insights report that the 2020 holiday season revenue exceeded $188.2 billion with 32% YOY growth. Retailers expect to surpass these metrics, and the threat of cyberattacks is far more significant with the array of attack vectors: phishing, ransomware, botnet attacks, API spoofing, etc. Specifically, retailers’ APIs are lucrative targets for attackers as they hold sensitive payment and transactional data belonging to customers and businesses.

Moreover, the online shopping boom results in retailers experiencing more DDoS attacks and account takeover attacks using leaked credentials. Some of the three significant cyber-threats that retailers must be aware of include:

• Digital skimming attacks: In which hackers steal customers’ personally identifiable information (PII). Cybercriminals exploit the security vulnerabilities of the third-party JavaScript running on the retailer’s site. Then, malicious code is inserted that skims the credit card information and other sensitive data.
• Credit card frauds: Hackers use stolen card details to make purchases on e-commerce sites. If successful in purchasing small-value items, they use the information to retrieve funds or purchase gift cards, converting them into high-value goods. Gift card frauds are also widespread during the holiday season as they have lesser protection than credit cards.
• Denial of inventory and scalping attacks: Hackers repeatedly add an item to the shopping cart to deplete its stock. With items constantly out of stock, customer frustration increases, and business is affected adversely. Moreover, cybercriminals deploy bots in scalping attacks to buy the most popular products and sell them elsewhere at inflated prices.

Best Practices to Secure Online Sales During the Holiday Season

This doesn’t just apply to large online retailers; it’s also necessary for small businesses and brick and mortar stores to secure their point-of-sale (POS) systems for a better consumer experience. Adhering to PCI-DSS compliance, EMV, tokenization, encryption, and increasing employee awareness and training are the best ways to maintain cybersecurity. Below are the cybersecurity best practices to prepare for the holiday season:

1. Monitor real-time data from endpoints and other systems interacting with your organization’s network. This adds visibility and prevents malware from being deployed into the system.
2. Keep all software and applications up to date via patch management and vulnerability prioritization. Protect website functionalities and safeguard newly added pages or features with bot mitigation solutions and a strict ruleset.
3. Prepare for a high volume of traffic and DDoS attacks by testing your infrastructure to ensure protection across all web resources.
4. Implement proper cybersecurity practices for users: strong passwords, multi-factor authentication, and reminders to change their passwords.
5. Perform regular data backup to increase the availability of business operations in case a cyberattack occurs.
6. Having a robust incident response plan in place is crucial for recovery procedures.
7. Implement continuous cybersecurity awareness training for staff members.

Conclusion

Despite the stresses of the holiday season and the evolving threat landscape, strong cybersecurity measures can deter cybercriminals—for large retailers and small businesses alike. Therefore, e-commerce businesses and their customers must understand pervasive cyber-attacker trends, tactics, and procedures to help protect sensitive information from targeted compromise.

Hence, cybersecurity awareness and training is a best practice that works with end-users to help detect suspicious email or phishing attacks. And even if a breach occurs, a robust incident response plan will enable organizations to respond promptly, securing the integrity of sensitive customer and business information and other configuration data from the POS system. So implement these best practices to keep your business running smoothly during the holiday shopping season and beyond.