Prepare Now for the 2022 Holiday Shopping Season

Every year, sources report the next holiday shopping season will be the most challenging for retailers, yet every year, most retailers end up having better-than-expected sales. Will this year be any different? Will the doom and gloom predictions once again lead to better-than-expected sales for the 2022 holiday shopping season?

While most retailers are hoping so, the annual arrival of the holiday shopping season, including peaks such as Black Friday and Cyber Monday also bring an increase in retail-focused cyberattacks. Retailers should start preparing now.

Cybercrime Will Continue to Torment Retailers in 2022

Cybercriminals love the holidays. People are distracted, organizations are hyper-focused on sales, and cybersecurity teams are over-extended and fatigued. There really is no better time for threat actors to launch an attack.

This is why as retailers prepare for the holiday shopping season, they should also be readying themselves to combat the top cybersecurity threats that cybercriminals will be deploying in the hopes of closing out their year with record profits.​

The Holiday Season Attack Vectors We Will See in 2022 

While there are numerous attack vectors cybercriminals will turn to over the course of the year, some are retail-focused and particularly potent during the holiday shopping season:

  • Credential theft – Obtaining legitimate login credentials via phishing emails.
  • Credential stuffing – Using stolen credentials for one site to log in to other sites in the hope they will work because victims have reused username and password combinations.
  • Brand spoofing – Creating fake websites with URLs that appear legitimate, then using phishing emails to trick customers into providing their credentials. Bad actors can also target your employees in this way - as well as illegally using your owned domains to dupe them into sharing information.
  • Social engineering – Researching an organization and then pretending to be a victim’s colleague to trick them into providing personally identifiable information, log in credentials, or even to wire money to an attackers account instead of a vendor account.
  • Supply chain compromises – Using ransomware or some other breach to pose as a trusted supply chain vendor to access the organization’s network.

These attacks can have a strong negative impact, including business/financial disruption, loss of data, and brand damage to retailers while they are striving to close out the year on a positive and profitable note.

Phishing will continue to be the weapon of choice for attackers and ransomware and other forms of malware will continue to run amok in 2022.

The State of Email Security in 2022

Email-based cyberthreats like the ones described above cause havoc on a global scale. These attacks played major roles in cybersecurity breaches in 2021 and are continuing to do so in 2022. According to the survey conducted for Mimecast’s State of Email Security 2022 report, phishing was one of the biggest culprits in 2021 with 36% of data breaches due, at least in part, to employee credentials stolen through a phishing attack, 96% of which occur through email. Phishing will continue to be the weapon of choice for attackers and ransomware and other forms of malware will continue to run amok in 2022.

Can These Attacks Be Stopped?

Most cyberattacks can be stopped before causing damage, but unfortunately, no single solution is fool proof. There is no way that every retailer will successfully stop every attack that comes their way. But there are steps retailers can take to fortify their defenses.

Retailers Need a Strong and Diverse Toolkit

As stated above, no single solution is fool proof. But utilizing integrated solutions gives retailers a real chance of stopping most of the cybersecurity threats they will face over the holiday shopping season. Retailers looking for brand protection and a means to stop cyberattacks must look to:

  • Security awareness training – Educating workers to spot the tell-tale signs of cybercriminals trying to steal their credentials.
  • Automated email security solutions – Deploying technology that automatically scans email content to identify and block malicious threats to worker inboxes.
  • Email incident response plans – Implementing plans that rely on AI-powered automation tools to analyze, triage, and prioritize potential threats when an email incident occurs so it can be further investigated by security teams.
  • Recovery and remediation – Planning in advance for when an attack is successful by deploying integrated archiving and data recover capabilities that deliver fast and easy email inbox restoration.
  • Brand protection solutions - Blocking and taking down malicious domains impersonating your organization, limiting the use of stolen data, and protecting customers, partners and employees from scams that illegally use your domains.

Bringing It All Together

Retailers have the best chance of thwarting the cyberattacks we are seeing in 2022 by preparing now. Finding a strong email security partner is one of the most important steps retailers can take to prepare. Mimecast’s portfolio of products and services can guard retailers against the threats they will be facing. As retailers prepare for this busy time of year, Mimecast can help stop credential theft, credential stuffing, brand spoofing, social engineering, and supply chain compromises.

Mimecast can work with your organization to implement security awareness training protocols that are not disruptive and provide real value, deploy automated email security solutions that can stop threats from being delivered to employee inboxes, implement email incident response plans that can alleviate the pressure on already over-tasked security teams, and if the unthinkable happens, help with data recovery, email restoration, and cyberattack remediation.

Mimecast brings it all together, offering solutions that not only stop retailers from being the victim of a devastating high-profile breach, but that integrate seamlessly into existing systems, other security tools, and workflows employees are already using. 

Download the Mimecast State of Email Security Report 2022

To find out more about Mimecast and the services they provide to the retail industry, click here.

This article was also published in The Retailer, our quarterly online magazine providing thought-leading insights from BRC experts and Associate Members.