Retailers, don't let cyber threats ruin your Black Friday cheer

23 November 2023

Original content provided by BDO UK.

Black Friday, Cyber Monday, Christmas, and New Year are full of opportunities for retail to thrive, but they also bring a higher risk of cyber-attacks. As a retailer, it’s imperative that you prioritise security to minimise cyber threats and protect your systems, customers and, importantly, your reputation.

The Golden Quarter: opportunities and risks

This year, Black Friday falls on November 24, followed by Cyber Monday on November 27. These two dates are pivotal in the shopping calendar, with global online spending surpassing $40 billion (UK £8.71 billion) on Black Friday in 2022. Cyber criminals understand this is an important time of year for you and will look to exploit this and your surge in traffic. A threat actor may look to hold your key systems such as payments or warehouse management to ransom, with the rationale that you’re likely to pay a ransom to return to business as usual as quickly as possible. With the increase in transactions, they may also look to take advantage of staff members, duping them into clicking malicious links whilst they’re busy and distracted, allowing an attacker to gain access to your systems, to strike then or later. They’ll also seize the opportunity to target your customers, using fake confirmation and delivery texts to attempt to get their payment card details.

Protecting customer trust

Earning and maintaining customer trust is a challenging task, yet crucial for sustaining longer term customer relationships. Many studies highlight that organisations that fall victim to data breaches frequently continue to experience customer attrition as a direct consequence of such incidents. In this digital age, safeguarding customer data and ensuring a secure shopping experience is paramount to not only sustaining a competitive edge but also preserving the trust that lies at the heart of these relationships.

A cybersecurity gardener’s tale 

Imagine your digital environment as a beautifully landscaped garden. Within this garden are distinct types of plants symbolising systems, sensitive data, employees, third parties, and contractors. Your job is to maintain this garden and ensure its well-being.

However, your garden faces constant threats from pesky insects (hackers), unruly weather (organised crime syndicates), and even the occasional wild animal (nation states) that might disrupt the peace. If your garden's defences are breached, it's as if your garden gate swings open, and chaos ensues. The plants (data) scatter, and your client enters crisis mode, desperately trying to recover and contain the damage.

In the realm of cybersecurity, your role is to act as both the diligent gardener, preventing these threats and safeguarding the garden, and the skilled landscaper, ready to restore and beautify the garden if a breach occurs. Your aim is not only to protect the garden but also to respond swiftly and restore its natural accord if it's ever disturbed.

Patterns suggest that most successful cyber-attacks originate from exploiting common vulnerabilities. Fortunately, there are steps that you can take to protect your business and your customers from rising cyber risks. By prioritising fundamental security measures, you can make considerable improvements to your cyber defences.

Our four pillars of cyber defence 

These are proactive steps you can take now:

  • Secure: Lock the door to your digital world against threat actors. Make sure all business critical systems are up to date with security patches and raise cyber security awareness amongst employees and customers. 
  • Reveal: Keep a vigilant eye for hidden dangers in your cyber ecosystem. Assess all your applications/systems/services that are exposed to cyber threats then ring-fence and monitor them.
  • Respond: Act decisively to regain control when cyber threats strike. Revisit your incident response playbook - if you find that something isn’t right, investigate it immediately. It may turn out to be a false alarm but equally could have been serious. It’s better to catch cyber weaknesses early before losing valuable sales and damaging your reputation.
  • Develop: Adapt to stay ahead of cyber threats and protect what really matters. Consider operational disruptions that will directly affect your sales and reputation. The need for effective backup, business continuity, and disaster recovery must be prioritised. 

Real world scenarios

Here are two instances where we assisted clients, one unaware of their systems’ vulnerabilities, and the other that we aided after experiencing a cyber breach.


We conducted penetration testing for an online retailer to assess their security weaknesses. The test cases were bespoke, designed to identify not only the system vulnerabilities but also the risks to the business. Playing the role of a hacker, the team had, in under a couple of hours, circumvented business logic to apply unlimited discounts, taken complete control of the internet-facing server, gained internal access to the corporate network and database, and accessed all confidential customer and employee data. The Head of Internal Audit/Chief Finance Officer understood the real risks to the business. The outcome was the creation of a programme to remediate and further strengthen the platform and its supporting infrastructure.


In a ransomware case, a biotechnology company that had fallen victim to a sophisticated ransomware attack engaged BDO. Their daily operations ground to a halt, resulting in severe financial losses, compounded by a lack of in-house expertise to contain the situation. Responding to this emergency, our expert team engaged remotely within a couple of hours to take control of the situation. Swiftly, we teamed up with the client’s vendor and quarantined the malware, preventing any further lateral movement, and diligently worked to restore normal business functions within 24 hours while keeping monitoring in place.

BDO’s journey didn't conclude there, as our team continued to provide post incident support to remediate the root cause of the malware's entry into the network. Our client could make informed changes, and apply the lessons learned to strengthen their security defences to reduce the likelihood and impact of a similar incident in the future.
