Guest Column | November 23, 2021

Tech Experts Share Insight On Combating The Chaos Of Black Friday And Cyber Monday

light bulb meeting

As Black Friday and Cyber Monday approach, we can expect to see online shoppers flocking to purchase gifts and take advantage of the endless promotions for the holiday season.

COVID-19 is still causing massive disruptions in this year’s economy including supply chain issues, delayed shipping times, labor shortages, and a higher volume of online orders. The influx of online orders has contributed to one of the highest years of online sales in 2020. There was over $14.13 billion spent in online sales in 2020, which is a 19% increase over 2019 (Adobe Analytics). What can we expect in 2022?

We spoke with several technology experts who shared their insights on how consumers and retailers can bring order to the chaos and provide their customers with a safe and secure shopping experience this holiday season.

Andy Fernandez, senior manager, product marketing at Zerto, a Hewlett Packard Enterprise company

"Big retail events like Black Friday have become more online-based over the last few years, especially with previous retail giants like Walmart starting Black Friday shopping deals earlier every year. As consumers flock online for the latest bargains, many retailers will be looking to adjust their websites to ensure they can cope with sudden increases in traffic and deliver a seamless experience. Given the retail industry was reported as the second industry most attacked by ransomware this year, retailers must have a laser-focus on security in their preparations for Black Friday. A ransomware attack on the day could be catastrophic.

Black Friday is well known for being the last chance for retailers to hit profits before the end of the year. Given the importance of this event, some retailers may have already been exploited with hackers holding off and the ransomware lying dormant until it can do maximum damage—for example early morning on Black Friday. By holding off, the impact of the attack doubles: a retailer’s entire operation has been shut down on the most profitable day of the year, all while being held to ransom.

To avoid this, retailers need to shift to a more pragmatic and strategic security approach that aims to ensure the organization can recover fast from a cybersecurity event and get back to business as usual with zero data loss. Once you’ve been compromised, prevention is no longer a viable protection strategy. By implementing tools that deliver disaster recovery and continuous data protection, IT teams effectively regain control of their destiny and can’t be held to ransom by external threat actors that are intent on disruption or extortion." 

Jeff Keyes, VP of product marketing & strategy, Plutora

“Black Friday is one of the biggest shopping days of the calendar year. Particularly over the past few years, online shopping has soared in popularity, and so retailers need to ensure that their websites are able to cope with this influx in demand. On days like these they’re faced with an unpredictable load on the system combined with last-minute changes to handle special processing on the deals. Part of this relies on businesses not scheduling updates to critical systems, such as their websites, during these busy times, risking the site being unavailable during this crucial window.

“Retailers should control their updates to key systems on and around the Black Friday-Cyber Monday weekend to prevent downtime. They need to be confident that production software will remain stable and up and running without any updates needing to be pushed out. Equally, it’s also vital to ensure there is an immediate response for any hot fixes that are required for any issues that do crop up. Once the weekend is over, and ideally lots of sales have come through, release managers can get back to scheduling regular updates to continue to improve the website, and thereby improve customer experience.”

Nicola Kinsella, VP of global marketing, Fluent Commerce

“As the world begins to stabilize post-pandemic, retailers are facing new challenges with supply chain issues, labor shortages and unpredictable shipping. However, even in the midst of these obstacles, almost a third of shoppers are planning to spend more this year than in 2020 and 56% of U.S. consumers stated that delivery delays would negatively impact future purchases. Retailers will either need to find ways to face these issues head-on or risk long-lasting effects on their brand.

There are several ways having a quality order management system (OMS) in place can assist retailers with managing the chaos in a more profitable and efficient way. This includes fulfilling from the best location based on sell through rate or markdown price, including location capacity for online orders in your sourcing logic, or the use of third-party logistics (3PL) or drop ship vendors (DSV) to expand your range and availability. This Black Friday/Cyber Monday, taking a proactive approach could make the difference between ongoing brand loyalty and shoppers finding another vendor to satisfy their holiday needs.”

Alex Pezold, CEO, TokenEx

"Cybersecurity might get a lot of attention during the holiday shopping rush, but just as important to businesses--especially from a revenue perspective--is the provision of a frictionless customer experience. Unfortunately, preventing online credit card fraud isn't always conducive to a smooth checkout process. However, by using technologies like 3-D Secure for authentication, network tokenization for more secure card life cycle management, and fraud prevention platforms for advanced decision making, businesses can protect themselves and their customers from fraud while minimally disrupting the checkout experience. As a result, these businesses can increase conversion rates, enhance consumer trust, and ultimately generate more revenue."

"It's almost trite to warn online shoppers about the heightened activity of cybercriminals during this time of year. However, what's arguably even more important is for merchants to ensure their checkout processes for card-not-present payments are sufficiently secure. Card data should be encrypted--or better yet, tokenized--immediately upon acceptance and never stored internally in its raw form. By doing so, these organizations can not only protect their customers, but they also can increase their chances of being PCI compliant."

Danny Lopez, CEO, Glasswall

“With the holiday season around the corner and employees looking to step out of the office and spend some well-deserved time off with their families and friends, it's important that organisations don’t let their guard down when it comes to cybersecurity. Between 30% and 50% of the annual average of data breaches happen during November and December. In 2019, there was a 63% malware spike in the U.S. between Nov. 25 and Dec. 2 alone.

Adversaries like to take advantage of the fact that retailers are sending out more emails to showcase offers, and employees are trying to tie up loose ends before going on holiday. During the holiday season especially, emails can easily be spoofed, ridden with malware-infected ‘special discount or sale’ documents, or containing malicious links to trick even the most cautious of employees and consumers.

Taking a proactive approach to cybersecurity and having the measures in place to prevent attacks from penetrating your systems is the best way to ensure your organisation can enjoy the festive season without suffering a breach. It’s also far more efficient and cost-effective than relying solely on your employees.

Content disarm and reconstruction (CDR) technology can provide immediate protection as a threat attempts to penetrate an IT environment. Any attached files undergo an instantaneous, four-step process to scrub the document of any malicious code and makes sure it is safe going into the network. This ultimately helps to create a digital environment where a threat cannot exist and keeps the holiday season merry and bright.”

Lex Boost, CEO, Leaseweb USA

“Evolving technology has blurred the lines between physical and digital shopping for consumers. Thanks to robotics, artificial intelligence (AI), cloud computing and virtual and augmented reality, retailers can bring an enhanced experience through the options of ‘fitting rooms,’ personalized digital displays, customer face recognition, instant payment and more to the palm of someone’s hand.

The one downside to the enhancements in technology is the pressure on the retailer to meet the customers’ expectations — particularly during the influx of traffic caused by Black Friday and Cyber Monday. Organizations must ensure that their infrastructure is built for speed, security, and reliability as to not disrupt the customer experience.

One of the most important steps a retailer can take is partnering with a comprehensive cloud hosting solution that includes hybrid ready product portfolios, core uptime, iron clad security solutions and an extensive network that addresses industry-specific requirements and can be trusted in times of high traffic to deliver a quality experience for customers.” 

Liron Damri, president, Forter

“There is no doubt that retailers benefit from the huge spike in consumer spending each holiday season. In 2020 alone, eCommerce exceeded $4.3 trillion, a volume originally forecasted for 2025. With the expansive growth of the online market comes great possibilities for retail companies -- but it also introduces more surface area for fraud and abuse.

Return abuse is returning items to a retailer, online or in-person, which are not eligible for a return. Thus, most return fraud is committed when your consumers find loopholes in your policy. This can include everything from wardrobing (returning a worn item) to returning stolen goods. In a survey, 54% of merchants indicated lost revenue of above $5 million annually due to this form of abuse. As the holidays approach, make sure your return policies are clear and simple and your employees are trained on when to accept returns.

We believe that return abuse can be minimized through real-time decisioning. If you can identify bad actors or repeat abusers, you can adjust policies in the moment. For example, a person who has frequently used an ‘item not received’ excuse must sign for delivery. A repeat returner can buy merchandise, but it is all sales final. By bringing more consumer intelligence to eCommerce, businesses can reduce loss to return abuse, while maintaining differentiated policies for their best customers.”

Tom Callahan, Director of Operations, MDR, PDI Software

“Leading up to Black Friday and Cyber Monday, consumers have been hearing about potential issues with retail and delivery supply chains. Although there are a lot of reasons why certain products might not be on store shelves or deliveries might be delayed, one reason we can’t overlook is cybersecurity.

Because the retail supply chain is increasingly digital and interconnected, the entire chain can quickly be impacted by a single cyberattack on one company along the chain. For instance, we’re now seeing what used to be simply ransomware attacks turning into extortionware attacks. If a business gets breached and decides not to pay the ransom to get their data back, cybercriminals are now using that data to extort not only the business, but the customers and partners of that business as well. As a result, the blast radius of a cyberattack can escalate very quickly across a wide footprint. That has the potential to completely disrupt the retail supply chain.

To guard against that, companies need to follow their established security best practices and maintain vigilance. But they must also be wary of how interwoven their supply chains are. They must be able to protect sensitive data and maintain secure access points as they interact with other businesses through the cloud.”

JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company:

“Today’s mid-to-enterprise class retail organizations manage complex IT operations that depend upon numerous technologies, distributed across the HQ datacenter and each remote location, to provide customer-facing and back-office functionalities. This creates a vast attack surface for the would-be cybercriminal that only needs to be right one time to get in, versus the datacenter management team that must be right every time, every day, in every way. Today, it is not a matter of ‘if’ ransomware will get in, rather a question of ‘when?’

Consequently, while prevention and detection are critical, today’s top priority must be the recovery piece. Retail IT executives should choose a data backup solution that provides broad heterogeneous platform and app support. It should ensure automated backup protection across the entire IT environment from the central datacenter to remote offices to the edge and into the cloud. This feature is particularly important to retail organizations with numerous remote stores, which oftentimes do not have on-site IT expertise to ensure data and operations security and protection. Next, the backup solution must auto-verify the backup process. It should check each file in its entirety to make sure files match across all environments, which consequently ensures the ability to recover in the event of an outage, disaster or cyberattack. And this one’s a deal-breaker -- at least one backup must be immutable, unable to be deleted, corrupted, or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.”

Surya Varanasi, CTO, StorCentric:

“According to Salesforce, the 2020 holiday season broke records and online sales in 2021 are expected to continue to surge. Salesforce predicts ‘online sales will continue to grow, up to 10% in the U.S. and 7% around the globe. Put another way, between November and December, online shoppers will spend $259B in the U.S. and $1.2T globally. And thanks to better omni-channel experiences, you can expect shoppers to keep clicking ‘add to cart’ even past the shipping cutoff.’ While there is always a chance that ransomware will hit a smaller retail organization, the greatest likelihood is that it will target large organizations with operations, revenue and PII to protect, as well as the deepest pockets to pay.

Our advice to these retail IT executives is to put aside traditional strategies and instead take their data protection and security to the next level -- from basic to unbreakable. An Unbreakable Backup solution overcomes today’s most common cybercriminal strategy, which is to attack the backup first, and then come after the production data and operations. In this way, the retail IT executive loses their backup plan -- excuse the pun -- and is at the mercy of the ransomware demands. Instead, Unbreakable Backup creates an immutable copy of the data which cannot be deleted, corrupted, or changed in any way. And it can do so for copies kept on-site, remotely and in the cloud. Then, it takes the admin keys and stores them in another location entirely -- hidden from cybercriminals or even an insider threat. Once done, retail IT executives can rededicate their time to activities that ensure the optimum customer experience and premium sales, as well as safe, efficient and cost-effective back-office operations.” 

Will Conway, CEO, Pathwire

“The holidays are hectic for any business during the Black Friday/Cyber Monday Rush. But for email marketers, the weeks leading up to it are just as chaotic. With online shopping now the norm, email inboxes are packed with promotional offers from all types of businesses. For promotional emails to exceed revenue expectations, e-commerce businesses must first focus on deliverability – are your messages actually landing in the inbox? Once that is addressed, the other key is to target audiences based on everyone’s interests.

The return on investment is normally high with email marketing, and Black Friday tends to be the peak for the e-commerce business. In 2020, the Data and Marketing Association said that email earned more than $35 for every $1 spent. When companies build advanced personalization into their email strategies, it allows them to get ahead of the competition. The right email program will help bring in new customers and turn them into long-time customers.”