Over Christmas we relax and let our guard down as these are festive times to share with friends and family. Cybercriminals capitalize on this to launch attacks, with a spike in incidents on the days between Christmas and New Year. Threats involving social engineering to gain users’ trust are particularly common, hackers then spread fraud, ransomware and malware, enabling them to infect computers, steal private data and defraud users.

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target.

The 2022 holiday shopping season is here. Retailers’ discounts are kicking off early, and shoppers are eager to spend, especially with big price markdowns to come as the season progresses. And with the COVID-19 pandemic still a concern to shoppers, more people are expected to shop online this season. What this also means is that as consumers whip themselves into a shopping frenzy, cybercriminals have activated their seasonal scams to try and steal money or personal information.

November brings two of the busiest shopping days of the year, plus some potential security risks, even if you never leave the comfort of your home. The annual Black Friday and Cyber Monday (BF/CM) events that originated in the United States have increasingly become a global phenomenon. With huge sales and “doorbuster” deals to kick off the holiday shopping season, they see a massive number of transactions.

Cyberattacks often target the retail sector, although many of these threats are aimed at the e-commerce channel, businesses have also reported incidents where in-store Wi-Fi access points and even IoT devices are exploited as attack vectors. This is reflected in several studies, which reveal that, together with the education sector, the fashion industry was one of the hardest hit last year and 60% of retail companies are at risk of suffering an attack.

To compete in an increasingly cutthroat marketplace, retailers spend vast sums in hopes of becoming household names. But brand recognition is a double-edged sword when it comes to cybersecurity. Unlike breaches to businesses in other sectors of the economy that operate in relative obscurity, when a breach involves a major retailer it often becomes front-page news since far more people are aware of the company and may, in fact, be devoted customers.

Retailers are facing a more challenging cybersecurity environment than ever, according to a new study, Cybersecurity solutions for a riskier world. With physical and digital worlds colliding, greater levels of regulation, and more savvy cybercriminals, executives agree that we have entered a new era of cyber risk. In fact, 30% of retailers say they are not prepared for the threats ahead. In response to these changes, the role of the retail CISO is expanding.

The retail sector has its own unique cybersecurity risks, especially given the growing emphasis on online commerce. The trend toward purchasing goods and services on the internet has been going on for years. But the volume of e-commerce has seen a sharp increase since the beginning of the pandemic, when many physical stores were forced to lock down or consumers simply opted to buy online rather than visiting brick-and-mortar locations.

For many of us, the holiday season can be both a joyous and stressful experience. Delivering delightful experiences to our families, friends, and customers is inextricably linked with our ability to manage our time and our growing to-do list. Retailers operating in today’s hyper-competitive market are facing similar challenges.