Here’s How One Retailer Is Prepping for the Black Friday Cyber Onslaught

The Black Friday weekend is traditionally one of the biggest of the year for online sales, but those sales hinge on the ability of retailers to keep their e-commerce sites going and to fend off threats from cybercriminals.

The stakes are undoubtedly high for retailers, as well as all kinds of companies, and so are the risks. Cybercriminals know that many IT security professionals will be home eating turkey instead of keeping an eye out for online attackers over the long weekend, making it a good time for them to launch an attack. That’s why the Cybersecurity and Infrastructure Security Agency on Wednesday reminded companies, especially those that involve critical infrastructure, to keep their guard up, reiterating guidance it issued last year.

The message isn’t lost on Jon Hocut, head of information security at Brooks Running, who plans to stay close to his laptop the entire weekend. He’s charged with protecting the personal information of the runners who buy his company’s products, as well as guarding Brooks’ overall corporate systems from online attackers. In terms of sales, the “cyber five” stretch, including Black Friday and Cyber Monday, is a huge sales event for the 100-year-old company known for its running shoes and apparel.

Its e-commerce team expects traffic on the company’s retail site to jump 30% to 50% over those peak days. If the site were to crash over the weekend, it could mean millions in lost sales and throngs of disappointed runners, but the Seattle, Washington-based company has more to worry about than that. Its computer systems also hold “shoe secrets” that need to be kept confidential, as well as the software that sends and tracks shipments to retailers.

The ransomware problem

The “worst nightmare” for many companies, Hocut said, would be a targeted ransomware attack, probably involving a Russian criminal gang staffed with cyberexperts, that would quietly infiltrate a company’s systems, then move through them without being detected.

The attackers would figure out which systems are most critical, then find and compromise the company’s backed-up data. Everything would appear to be OK until around midnight on Thanksgiving, when the company’s incident response team is home, stuffed full of turkey and nearly asleep, he said.

“That’s when they start hitting all of your systems and taking them down,” Hocut said. “When you’re at your least ability to respond. That’s the nightmare, and that’s what we have to keep from happening.”

Ransomware really is nightmare stuff. The attacks, which have locked up entire computer systems at businesses, schools, hospitals and elsewhere, are getting more frequent, more successful and more expensive.

According to Sophos’ State of Ransomware report earlier this year, 66% of organizations surveyed said they were hit with a ransomware attack in 2021, up from 37% in 2020. And 6% of those attacks were successful in encrypting their victims’ data, up from 54% the year before. On top of that, the average ransom paid by organizations for their most significant ransomware attack grew by nearly five times, to just over £800,000, while the number of organizations that paid ransoms of £1 million or more tripled.

A big part of preventing that is making sure systems are locked down and there are enough people to respond if something does happen over the holiday weekend, Hocut said. At Brooks, the entire incident response team will be on call 24/7 over the holiday weekend. The company also recently hired the cybersecurity company Illumio to help shore up its defenses.

The idea is to segment off Brooks’ systems so that the damage is limited if a system is breached, said PJ Kirner, Illumio’s co-founder and chief technology officer. Kirner likened the company’s systems to the structure of a submarine, noting that subs are built in compartments, so that if one part of a sub is breached, it can be sealed off and stop the sub from sinking. If a company can quickly detect a breach and prevent the attackers from moving through its systems, it also can limit the damage, he said.

The idea isn’t a new one. The inability of companies to silo off their most precious data has long been blamed for some of history’s most massive data breaches. But segmenting massive computer systems is easier said than done, Kirner said.

That’s particularly true for Brooks, Hocut said. The century-old brand, a subsidiary of Berkshire Hathaway, has seen significant growth in recent years. In 2021, its revenue totaled £1.11 billion, marking its first year over the £1 billion mark.

The threats companies face have also changed, Kirner said. While the thought of a massive data breach might have kept security professionals awake at night just a few years ago, the major threat now is the kind of ransomware attack Hocut described.

“If you look at attacks maybe five years ago, they were data confidentiality issues,” Kirner said. “You got the customer list, you got emails, you got credit cards. They were about a breach of confidentiality.”

Ransomware, in comparison, is about a company’s operations.

“Why are we talking about retail now? Because Thanksgiving is the most impactful operational day of the year,” he said, adding that customer data is just as valuable to cybercriminals any other day of the year.

It’s those operational threats that will keep Hocut and his staff on “maximum paranoia mode” at least through the end of the weekend. They’ll be taking a close look at any alerts that pop up and will be very grateful and happy when they turn out to be false positives, he said.

Other IT professionals may not be so lucky.

“I expect that 90% of my friends who do incident response as a specialty will probably be working on somebody’s painful experience this holiday weekend,” Hocut said.
