1. Home
  2. >>
  3. black
  4. >>
  5. Black Friday & Cyber ​​Monday: retailers, beware of cybercriminals

Black Friday & Cyber ​​Monday: retailers, beware of cybercriminals

Black Friday & Cyber ​​Monday: retailers, beware of cybercriminals

CrowdStrike Inc., leader in the protection of endpoints and workloads in the cloud, has compiled a list of useful tips for companies in the retail sector to protect their business from often underestimated cyber dangers. The days that precede Black Friday and Cyber ​​Monday are, par excellence, a period characterized by numerous promotional campaigns, offers and discounts that kickstart the turnover of the Christmas season. A propitious time during which the activity of cybercriminals finds fertile ground to profit.

The retail trade is an extremely profitable target for cyber attackers. The industry is targeted not only by highly sophisticated hacker groups, such as WIZARD SPIDER, but also of individual authors and small criminal organizations that buy phishing tools and ransomware on the dark-web, with the aim of taking over a part of the market. Precisely for this reason it is necessary to protect the final consumer or one’s business from increasingly sophisticated cyber attacks, especially during the Christmas period.

  Black Friday: here are the best discounts on video games

Here is what CrowdStrike suggests to companies in the retail world to prevent and counter some of the greatest risks.

1- Machine Learning instead of “legacy” technologies

Signature-based antivirus software has long since ceased to be at the forefront, especially in a scenario where hacker attackers continue to constantly evolve their tactics. Companies must therefore update their security solutions to adequately protect themselves. Machine learning learns certain system behaviors and can detect any malicious operation by analyzing these behaviors.

2- Active threat hunting

Hope is not a strategy! Hoping not to be attacked and only reacting after the worst has happened is not an effective approach. To successfully counter the tactics and techniques of attackers today, it is necessary to rely not only on the latest technologies, but also on the know-how of security officers and actively engage in threats hunting. Threat hunting experts do this by constantly looking for tactics, techniques and procedures (TTPs) used by attackers that are not detected by other detection techniques, stopping them as soon as they are identified.

  The black box in the car becomes mandatory from July 2022

3- It is good not to be a simple goal

Organizations of all sizes can get in the crosshairs of an attack, or suffer collateral damage during a large-scale attack, as demonstrated by WannaCry or NotPetya. This makes it even more important to protect the company. Thanks to patch management, zero trust methods and solid security practices, companies raise their security barriers by making themselves a more difficult and, therefore, less attractive target.

4- Keep friends close, but enemies even closer

Predicting how and when hacking groups will attack is impossible, but it is possible to recognize their patterns of behavior. According to the motto “keep friends close, enemies even closer”, companies of all types and sizes should try to understand and learn as much as possible about potential attackers. To successfully counter the tactics and techniques of modern attackers, it is therefore advisable to integrate threat intelligence into your cybersecurity strategy.

  Smartbox Black Friday is already here: many boxes on offer

5- Educate the staff

For any security concept to work flawlessly in a business organization, all employees must be properly trained. Considering cybersecurity as a task for which only the IT department is responsible is not enough, as in the event of an attack everyone needs to know what to do. So-called ‘desk drills’ help train all staff and prepare them to react to potential attacks. By practicing emergency scenarios regularly, each individual can be trained efficiently, and knowledge of the correct procedure in a real emergency situation can be the lifeline.

It is clear that, even following the above suggestions to the letter, companies cannot exclude the possibility of being victims of a cyber attack during the next Black Friday and Cyber ​​Monday . At worst, however, they are well equipped and can ideally repel the attacker or at least limit their damage.