Retailers brace for cyber threats during Black Friday sales rush
Retailers and consumers are preparing for a surge in online transactions as Black Friday and Cyber Monday approach. At the same time, concerns are mounting about rising cyber threats targeting both businesses and shoppers during the holiday sales period.
Rising risks
As millions turn to online platforms in search of deals, the cybersecurity threat landscape is intensifying. Security researchers are warning that the upcoming sales events present a significant opportunity for cybercriminals to exploit vulnerabilities in retail systems and consumer behaviour.
"With the holiday season approaching fast, many are counting down for two of the busiest shopping days of the year, Black Friday and Cyber Monday. Retail stores and online marketplaces have no doubt been planning for increased traffic, but have they adequately prepared for the next cyberattack? As security professionals, we know that there's never a 'slow period' for bad actors and while many look forward to holiday travel, vacations and unwinding, malicious threat groups will seek opportunities to find and exploit any weak links threatening an organisation's security posture," said Scott Caveza, Senior Staff Research Engineer, Tenable.
Exposure concerns
Organisations face a broad range of vulnerabilities, and not all are equally critical. Keeping up with the vast number of known issues is a challenge for security teams trying to stay ahead of opportunistic attackers.
"Staying ahead of these threats requires an effective exposure management platform to give organisations a comprehensive view of the exposures and vulnerabilities putting their assets at the most risk. With over 302,000 registered common vulnerabilities and exposures (CVEs), security teams need to be able to prioritise and mitigate the vulnerabilities that matter the most. An exposure management platform ensures the team can identify assets and understand the tech stacks that drive them, providing better visibility into which vulnerabilities impact those assets," said Caveza.
As retailers prepare for higher demand by launching new servers and updating their websites, rushed deployments and configuration errors can introduce new risks. The mix of off-the-shelf and custom web applications also makes online shopping environments more complex to secure.
"With the constant threat of opportunistic threat groups, security teams need full visibility into misconfigurations and insecure identities that could allow an attack to have a devastating effect in a matter of keystrokes. As retailers rush to onboard additional servers and push updates to their websites, are they ensuring to scan their custom web applications for vulnerabilities or perform audits on their web server configurations to ensure these deployments are secure? While some eCommerce retailers may utilise off-the-shelf content management systems (CMS), others often deploy custom web applications," said Caveza.
Consumer threats
Online shoppers are also at risk as cybercriminals use increasingly sophisticated techniques to compromise account information and steal funds during the holiday sales period.
Geoff Schomburgk, Vice President, Asia Pacific & Japan, Yubico, outlined a number of threats facing consumers ahead of the Black Friday sales, including phishing emails, non-delivery scams, non-payment scams, online auction and marketplace fraud, and gift card fraud. He recommended consumers remain alert and take proactive steps such as avoiding suspicious links, enabling multi-factor authentication, and using phishing-resistant security keys to protect their accounts.
"With so much of our lives online, protecting our login credentials for online shopping stores has never been more important," said Schomburgk.
Proactive stance
Retailers and security teams have been urged to adopt more proactive measures beyond routine vulnerability scanning. This includes gaining deeper visibility into the organisation's assets, cloud infrastructure, web applications, and user identities to identify exposures in real time.
"In both cases, identifying vulnerabilities, weaknesses and misconfigurations is vital in ensuring sales and transactions can continue securely. The holidays can be stressful, but a breach can have long-lasting impacts on an organisation and its customers. This holiday season, it's imperative that security teams take a proactive approach to their organisation's security. From IT assets, OT assets, cloud infrastructure, web applications and identity, it's not enough to just scan for vulnerabilities; security teams need to have the visibility and insights of the exposures that put them at risk. This holiday season, let's keep attackers out in the cold and ensure we're taking the right proactive steps to reduce risk, remediate exposures and continue to move beyond reactive security," said Caveza.