Are Retailers Prepared For The Holiday (Cyberattack) Season?

Holiday Cybersecurity Threat

This year’s holiday shopping season is expected to reach as much as $655.8 billion, a 3.6 percent jump from last year according to the National Retail Federation.

The NRF also predicted that online sales alone would reach $117 billion, representing an increase of increase of 7 to 10 percent over last year. U.S. consumers are expected to spend an average of $935.58 during this holiday shopping season, which will run from November to December.

A recent study from NRF revealed that 58 percent of consumers plan to buy for themselves, spending an average of $139.61, an increase of 4 percent from last year’s $133.74 and marking the second-highest level of personal spending in the survey’s 13-year history.

“Many shoppers are taking the approach of ‘one for you, two for me’ this holiday season,” NRF President and CEO Matthew Shay said in a statement. “Retailers are preparing by offering a wide array of merchandise and promotions — items shoppers want to give as great gifts at prices so good they want to buy for themselves, too.”

It’s clear that all signs seem to be pointing to a big gain in holiday sales in 2016.

But according to Michael Patterson, CEO of Plixer says, retailers may be so focused on the predicted holiday sales that they are overlooking the looming holiday cyber threats.

“Black Friday and Cyber Monday are the biggest shopping days of the year and for cyber criminals, that means open hunting season for both consumers and retailers alike. With denial of service attacks (DDoS), ransomware, account takeover and more, cybercriminals have a customized arsenal for the holidays,” Patterson explained.

Patterson noted that testing for DDoS attacks is a wise investment for retailers, as well as setting up contingency plans just in case extortion attempts arise. But the threat of  Mirai-related DDoS attacks, which caused a historic cyberattack and disruption to websites across all sorts of industries, may actually be less –  due to competition for control of the IoT devices to launch such attacks.

“Larger retailers may not be as worried because they contract with traffic scrubbing companies which help ensure a DDoS attack doesn’t cripple their web sites while smaller retailers without mitigation contracts are at risk,” he added.