blog post

Black Friday and Cyber Monday 2023: A Cybersecurity Battlefield

The Looming Threat Amid the Shopping Frenzy

As the calendar flips to Thanksgiving 2023, consumers and businesses alike are gearing up for the great American retail bacchanalia known as Black Friday and its digital cousin, Cyber Monday.

This year, like moths to a flame, consumers and retailers swarm to these twin peaks of commercial frenzy, set to eclipse the dizzying sales heights of yesteryear. Adobe Analytics whispers of last year’s siren song, where shoppers poured out a staggering $9.12 billion on Black Friday and a cool $11.3 billion on Cyber Monday, while Salesforce casts a wider net, capturing a global haul of $40 billion by the time the sun set on the eastern seaboard.

However, lurking beneath the surface of these blockbuster shopping days is a growing threat: cybercriminals poised to capitalize on the chaos. With the pandemic still fresh in memory, the digital shopping realm has become a fertile ground for sophisticated scams and cyber-attacks.

Surge in Scams: A Cautionary Tale from 2022

Last year’s shopping spree turned sour for many, as Barclays reported a 22% surge in purchase-related losses from scams during Black Friday and Cyber Monday, with the average shopper losing a whopping US $1,200. This trend is only expected to escalate in 2023, with early preparations by cybercriminals already underway, as indicated by research data on increased dark web activity related to Black Friday.

Enterprises Not Immune to the Digital Threat

While retail consumers are primary targets, businesses are not immune to these threats either. We are certain that the wave of cyber-attacks is likely to swell, with scammers blending seamlessly into the flood of legitimate holiday marketing. The danger is twofold: direct attacks on businesses and indirect threats through employees caught up in retail scams.

I know this first-hand because as recently as today, I, who have been around this space my entire professional career, have caught myself opening emails I should never open.

The Art of Phishing in the Holiday Season

Phishing remains the cybercriminal’s tool of choice, with emails, text messages, and calls masquerading as irresistible holiday deals. These seemingly benign messages often conceal malicious intent, from malware distribution to credential theft. We need to stop resisting employee education on recognizing and resisting these deceptive tactics. And we need a system like the one we have here at CyberEd.io that will identify human risk factors in near-real time so we can help those most in need of training and education learn what they need to do to become more effective cyber-citizens.

A Call for Enhanced Cybersecurity Measures

We also need modern identity management solutions that obscure passwords from employees, reducing the risk of credential compromise even when phishing attempts succeed.

The Road Ahead: Vigilance and Preparation

As Black Friday and Cyber Monday 2023 approach, both consumers and businesses are advised to approach with heightened vigilance. With cybercriminals becoming increasingly sophisticated, the need for comprehensive cybersecurity awareness and robust protective measures has never been greater.

We need to up our game to eschew the allure of impossible discounts, to school ourselves in the dark arts of phishing. Watch for those misspelled baits, the emails that reek of urgency, the calls that come at odd hours from unknown voices.

We need to enlist vendors who can build a fortress of security, where passwords are hidden jewels, known only to the system, not to the user. It’s a world where even if the phishing hook is swallowed, the line breaks, but the password remains elusive.

As we stand on the brink of this annual ritual, let’s arm ourselves with knowledge, with caution, and with a healthy dose of skepticism. Let’s go eyes wide open, wallets secured, and digital footprints covered. For in this grand festival of consumption, it’s not just about snagging the best deal but emerging unscathed on the other side.

Author

Steve King

Managing Director, CyberEd

King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.

 

Schedule a Demo with Us!

Fill in the form and we’ll get back to you as soon as possible.

Closing The Education Gap In The Cybersecurity Industry

Our latest resources and blog posts help you stay in touch with what’s happening in the industry. Want even more updates? Sign up for our newsletter!