One software security expert explains how a confluence of unconventional risks may make 2021 year-end shopping extra dangerous: beware!

Following a rewarding Singles’ Day sale (11/11), the next e-commerce sales events many are waiting for will be upon us: Black Friday + Cyber Monday.

This is also a chaotic time for the physical retail scene, and for the hackers aiming to scoop some gold from unsuspecting victims.

According to Jamie Boote, software security consultant at the Synopsys Software Integrity Group, every year offers increased opportunities for businesses and scammers alike, but this year will be especially dangerous. “The year’s spate of supply chain disruptions and high employee turnover rate means that there are new challenges to face and fewer experienced hands to fix them.”

Boote explained that supply chain disruptions create all kinds of opportunities for unscrupulous dealers to introduce risk into end products, risk that would have been avoided in years when parts were easier to come by. “Normal suppliers of chips and hardware may not be able to fill demand and desperate vendors may need to source parts with a less pedigreed provenance. These counterfeit chips and parts can degrade reliability and availability, or become vectors for malware and back doors. The remote nature of online storefronts makes it much easier for counterfeit goods to be sold as genuine. By passing on this risk, the burden is placed on the end consumer who has to perform extra diligence in terms of testing and validation or be faced with an attack vector or unreliable hardware.”

Brace up for extra shopping risks

Unfortunately, finding staff hours to devote to security is difficult during the holidays, and harder still in the midst of the Great Resignation in some parts of the world.

“This time of year is difficult for IT teams that are covering for time off during the holidays while supporting the increase in holiday operations. New hires can help with the issue, but they may lack the training and experience to properly diagnose and respond to security issues. Increasingly, IT departments are turning to outside help for assistance with their security issues,” Boote said.

To make matters more complicated, all this holiday traffic is riding over brand new architectures such as cloud, microservices, and API-driven applications in many new e-commerce setups.

These new services are accompanied by a learning curve and unique tooling needs that, when neglected, can allow attackers to exploit weaknesses during the most important time of the year for some industries.

Boote concluded: “Firms need to be extra vigilant this year end to secure their systems from attack to prevent malicious traffic from flying under the radar. Any incidents need to trigger a root cause analysis that feeds into a get-well plan to close the hole and any ones like it.”