By Rajnish Gupta, Managing Director and Country Manager, Tenable India
As Black Friday approaches, e-commerce businesses are preparing for a surge in online traffic and transaction volume. According to forecasts from the Admitad partner network, Indians are expected to spend 15 to 20 percent more on Black Friday deals this year, fueling an overall e-commerce boom. However, the holiday shopping season is also prime time for cybercriminals, who are eager to exploit the increased volume and festive chaos.
The modern e-commerce landscape relies heavily on cloud applications, AI, and personalised customer experiences. This dependence on technology brings flexibility, scalability, and vast data storage—ideal for handling Black Friday surges but also making retailers tempting targets for cybercrime. Cybercriminals eye this season to strike, seeking to access sensitive data or run holiday scams. From credit card details to consumer information, attackers can make a quick profit by exploiting e-commerce systems.
Black Friday is a field day for scammers
Black Friday is not just about great deals for shoppers—it’s also a field day for fraudsters. Cybercriminals look to steal credit card numbers and personal information shared during transactions, often using methods like phishing emails, fake discount offers, and fraudulent websites to trick customers into revealing sensitive information. Not only is this data valuable for the attackers themselves, but they can also sell it on the Dark Web for a hefty profit.
In-store and online, point-of-sale (POS) systems, mobile devices, and e-commerce platforms create a vast “attack surface” for cybercriminals. While IT teams focus on maintaining uptime, performance, and transaction speed, security measures—like timely patches—can sometimes be delayed, leaving systems exposed to cyber threats.
One of the biggest threats to e-commerce sites is SQL injection, in which attackers target input fields like customer data forms, search bars, and order notes. Attackers insert malicious code into these fields, exploiting vulnerabilities in the back-end systems that process the input. Every form that consumers fill out presents an opportunity for attackers to probe for weaknesses.
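The input-field weakness described above, shown as an added example that is not part of the original article: a search-bar query built by string concatenation beside its parameterized form, plus a bound insert for order notes. The table, column and function names and the sample rows are assumptions constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO products (name, hidden) VALUES (?, ?)",
                   [("Kid's bike", 0), ("Bike helmet", 0), ("Unreleased deal", 1)])
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, note TEXT)")
    return db

def search_unsafe(db, term):
    # Weak form: the search-bar value is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened form: the value is a bound parameter and is never parsed as SQL.
    # LIKE wildcards typed by the user are escaped so they match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY id")
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

def save_order_note(db, note, max_len=500):
    # Order notes are free text: bind them as data and bound their length.
    if len(note) > max_len:
        raise ValueError("order note too long")
    cur = db.execute("INSERT INTO orders (note) VALUES (?)", (note,))
    return cur.lastrowid

if __name__ == "__main__":
    db = make_db()
    # An ordinary apostrophe is enough to break the concatenated query.
    try:
        search_unsafe(db, "Kid's")
    except sqlite3.OperationalError as exc:
        print("unsafe query failed to parse:", exc)
    print("safe query:", search_safe(db, "Kid's"))
    # Constructed input containing SQL syntax: the bound query treats it as text.
    print("safe query, SQL-looking input:", search_safe(db, "' OR hidden = 1 --"))
    print("note stored with id", save_order_note(db, "Ring bell; it's the blue door"))
```

A parse error on a plain apostrophe is a cheap signal during testing that a field is being concatenated into SQL rather than bound.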
Safeguard your business this silly season
To protect against these threats, retailers should conduct rigorous system assessments to identify and address vulnerabilities. Many issues highlighted in the 2023 Top Routinely Exploited Vulnerabilities list involve services or systems exposed to the Internet. There’s a strong correlation between internet-facing systems running software with known vulnerabilities and the likelihood of exploitation—some of these vulnerabilities date back as far as seven years. Addressing these known vulnerabilities promptly is crucial to prevent unauthorised access to critical business systems and to safeguard both company and customer data.
Security best practices, such as applying software updates and configuring settings to limit access, can help prevent attackers from exploiting weaknesses in the infrastructure.
A Holistic Approach to Cybersecurity
For retailers, cyber resilience must be a top priority—not just a holiday task. This means implementing cybersecurity best practices to ensure consumer data in the cloud remains safe, payment transactions are secure, and threats are proactively managed. Increasing visibility into all assets, networks, and domains, including sub-domains, is crucial for quickly identifying potential threats and protecting your business in real-time.
Retailers who take cybersecurity seriously will enjoy the trust of their customers and the ability to navigate peak shopping seasons without disruption. Those who neglect it, however, may face significant risks to their revenue, reputation, and business continuity. Protect your business, and let your customers shop with peace of mind this Black Friday.