Don't Fall Victim to Cybercrime This Black Friday

November 6, 2018 - Ensighten

With your business at its most vulnerable this busy holiday shopping period, how can you avoid a costly data breach?

The United States has long been familiar with Black Friday, the busiest retail day of the year and the unofficial start to the holiday shopping season. However, Black Friday – and the subsequent Cyber Monday – has now grown into a global phenomenon with millions of dollars spent in-store and online worldwide.

As well as expanding geographically, the promotional run-up to Black Friday is now starting earlier among retailers and running up until Christmas. Indeed, during this year’s holiday shopping period, the National Retail Federation (NRF) forecasts that consumers will spend $1,007.24 each – up 4.1 percent on last year. The five-day period between Thanksgiving and Cyber Monday alone will drive $23.4 billion worth of online sales, according to a report by Adobe Analytics.

But behind the headlines of consumers flocking to grab a bargain and businesses celebrating a huge payday, the massive spike in traffic volume and transactions during this period can cause a host of problems for companies.


What are the website risks around Black Friday?

The most prevalent concern is that a company’s website – even that of a high-profile brand – will crash under the weight of Black Friday traffic. Companies can take certain measures to try to ensure this doesn’t happen – for example, by performing preliminary site audits for potential bottlenecks, setting up monitoring systems, scaling heavy parts of their site, applying vertical scaling and speeding up the content delivery process.

But while it’s vitally important to maintain site availability, it isn’t the only challenge retailers face during this extended holiday shopping season; businesses are at their most vulnerable as cybercriminals take advantage of the exponentially busy period to target systems and steal data.

The last few years have seen a huge increase in cyberattacks – 2017 was labelled the “worst year ever” for data breaches and cyber incidents around the world. We witnessed high-profile data breaches, as well as ransomware attacks such as the WannaCry virus that disabled the systems of hundreds of targets worldwide, including public utilities and large corporations.


How can Black Friday be exploited by hackers?

Businesses are already stretched to capacity during the demanding holiday period. Criminals will exploit this knowledge to target those firms, usually because of the confidential customer data and PII they collect and hold – whether it’s bank details, email addresses or other personal information. Website security around this period is therefore of the utmost importance.

“The sheer volumes of traffic and sales generated by promotional events like Black Friday and Cyber Monday can make them a target for hackers and fraudsters, who are looking to take advantage of vulnerabilities that may put ecommerce and online payment systems when operating under particularly heavy loads,” says Miya Knights, publisher of Retail Technology magazine.

One of the major problems is that a data breach can often lie undetected for shockingly long periods – the average time from compromise to discovery was 101 days in 2017. The Pentagon recently suffered a data breach when hackers gained access to the personal information and credit card numbers of its personnel. Officials admitted that it’s possible the intrusion went undetected for months.


Cyber attacks - the fallout

For businesses, a cyberattack or data breach of any kind can be disastrous, both financially and reputationally.

It has therefore never been more important that businesses secure their website and mobile apps to protect the data which is being input through these channels during this busy period. Enterprise businesses typically have solutions in place such as load balancing, DDoS protection and web application firewalls. However, it is equally important to focus on the client-side risks to customer data.

It is therefore crucial that brands have real-time marketing security (MarSec™) in place on their website to protect against malicious attacks and data loss. This ensures that criminals can’t target form fills, chat boxes and ‘piggyback’ unauthorized tags across a website, potentially gaining access to all the customer data traditionally collected and used for campaigns and other marketing projects.

Despite this, our research shows that 67 percent of enterprises have implemented no marketing security for their website, even with their concerns about a data breach.

In this era of heightened focus on data privacy and stringent regulation, businesses can’t afford to be so cavalier with their data protection.


How can you secure your website?

  • Think about your marketing security solution as a necessary part of your organization’s cybersecurity strategy. You need the ability to block unwanted website trackers and third-party technologies from firing and to ensure compliance with your visitors’ preferences and global data privacy laws
  • To ensure you don’t suffer performance issues, dedicate time in the lead-up to Black Friday to performance testing, and undertake real-time site reporting to see what third-party technologies are firing on your site and which pages they are loading on. Explicitly allowing only the tags you have approved ensures that only specified third-party technologies can access this data and that your customers’ data does not become exposed
  • Take charge of third-party technologies to regulate load times and stop unwanted customer data leakage to ad networks by enforcing which vendors can operate on your site
  • Use server-side tagging to enjoy faster page load speeds and to reduce security risks. A trend is for organisations to opt for server-side tagging as a way of improving security, in particular across secure pages. The benefit here is that the removal of JS code reduces web page load time and provides risk mitigation against data leakage or malicious attacks
  • Don’t leave your preparations until the last minute! Ensure you have plenty of time to correct any performance issues you may find on the website
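The site reporting and vendor enforcement described in the list above can start with a simple audit of which third-party hosts each page loads, compared against an approved-vendor list. The following is an added example, not Ensighten's code; the site host, vendor hostnames and page markup are all constructed for illustration.

```javascript
// Added example: report third-party hosts per page and flag unapproved ones.
// SITE_HOST, APPROVED_VENDORS and PAGES are constructed sample values.
const SITE_HOST = "shop.example";
const APPROVED_VENDORS = new Set(["cdn.analytics.example", "pay.gateway.example"]);

// Constructed sample pages (path -> HTML as served).
const PAGES = {
  "/": `<script src="/js/app.js"></script>
        <script src="https://cdn.analytics.example/tag.js"></script>`,
  "/checkout": `<script src="https://pay.gateway.example/v2/fields.js"></script>
        <script src="//cdn.analytics.example/tag.js"></script>
        <script src="https://static.adwidget.example/px.js"></script>
        <iframe src="https://chat.vendor.example/box"></iframe>`,
};

// Collect the hosts of every script/iframe/img src that is not first party.
function thirdPartyHosts(html, siteHost) {
  const hosts = new Set();
  const re = /<(?:script|iframe|img)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    // Resolve relative and protocol-relative URLs against the site origin.
    const host = new URL(m[1], `https://${siteHost}/`).hostname;
    if (host !== siteHost) hosts.add(host);
  }
  return [...hosts].sort();
}

// Per page: which third parties load, and which of them are not approved.
function auditPages(pages, siteHost, approved) {
  const report = {};
  for (const [path, html] of Object.entries(pages)) {
    const seen = thirdPartyHosts(html, siteHost);
    report[path] = { seen, unapproved: seen.filter((h) => !approved.has(h)) };
  }
  return report;
}

const report = auditPages(PAGES, SITE_HOST, APPROVED_VENDORS);
for (const [path, r] of Object.entries(report)) {
  console.log(path, "loads:", r.seen.join(", ") || "none",
              "| unapproved:", r.unapproved.join(", ") || "none");
}
```

This audit only sees tags present in the served HTML; tags injected at run time by other tags (the ‘piggyback’ case mentioned earlier) have to be observed in the browser.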

With Black Friday fast approaching, maintaining both the performance and security of your website will help ensure a profitable holiday season for your business. Get in touch to find out more about MarSec™ for your website.




Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.
