Black Friday 2025 is here, and as millions of shoppers flood physical stores and online marketplaces, security experts are issuing an urgent caution. While retailers focus on delivering unbeatable deals and managing the surge in transactions, cybercriminals are equally active, poised to exploit any overlooked vulnerability. In a timely warning, Scott Caveza, Senior Staff Research Engineer at Tenable, outlines the critical cyber risks retailers must confront today as one of the world’s busiest shopping events unfolds.
Holiday Rush, Peak Threats: Why Today Is High Risk
Scott Caveza captures the heightened stakes of the moment, “With the holiday season approaching fast, many are counting down for two of the busiest shopping days of the year, Black Friday and Cyber Monday. Retail stores and online marketplaces have no doubt been planning for increased traffic, but have they adequately prepared for the next cyberattack? As security professionals, we know that there’s never a ‘slow period’ for bad actors and while many look forward to holiday travel, vacations and unwinding, malicious threat groups will seek opportunities to find and exploit any weak links threatening an organisation's security posture.”
Exposure Management Takes Centre Stage
As transaction volumes skyrocket, organisations face an expanded attack surface. Caveza stresses the immediate need for deep visibility, “Staying ahead of these threats requires an effective exposure management platform to give organisations a comprehensive view of the exposures and vulnerabilities putting their assets at the most risk. With over 302,000 registered common vulnerabilities and exposures (CVEs), security teams need to be able to prioritise and mitigate the vulnerabilities that matter the most. An exposure management platform ensures the team can identify assets and understand the tech stacks that drive them, providing better visibility into which vulnerabilities impact those assets.”
On a day when systems are stretched to capacity, knowing which vulnerabilities matter right now becomes a frontline requirement.
Rushed Deployments, Rising Vulnerabilities
Retailers frequently scale infrastructure and update digital storefronts in the run-up to Black Friday. Caveza points out that this hurried expansion can create fresh gaps, “With the constant threat of opportunistic threat groups, security teams need full visibility into misconfigurations and insecure identities that could allow an attack to have a devastating effect in a matter of keystrokes. As retailers rush to onboard additional servers and push updates to their websites, are they ensuring to scan their custom web applications for vulnerabilities or perform audits on their web server configurations to ensure these deployments are secure? While some e-commerce retailers may utilise off-the-shelf content management systems (CMS), others often deploy custom web applications.”
As shoppers transact in real time today, even a single unchecked misconfiguration could be exploited within minutes.
A Breach Today Could Hurt Long After the Sale Ends
The financial and reputational cost of a breach on Black Friday can be devastating. Caveza highlights the long-term implications, “In both cases, identifying vulnerabilities, weaknesses and misconfigurations are vital in ensuring sales and transactions can continue securely. The holidays can be stressful, but a breach can have long lasting impacts on an organisation and its customers.”
He urges retailers to adopt a proactive stance immediately — even during the rush:
“This holiday season, it’s imperative that security teams take a proactive approach to their organisation's security. From IT assets, OT assets, cloud infrastructure, web applications and identity, it’s not enough to just scan for vulnerabilities, security teams need to have the visibility and insights of the exposures that put them at risk.”
Final Call to Action on Black Friday 2025
With shopping volumes reaching their peak today, Caveza’s message lands with urgency, “This holiday season, let’s keep attackers out in the cold and ensure we’re taking the right proactive steps to reduce risk, remediate exposures and continue to move beyond reactive security.”
As Black Friday 2025 unfolds across the globe, retailers are under dual pressure: meeting consumer expectations and defending against increasingly sophisticated threat actors. Tenable’s Scott Caveza reminds organisations that cybercriminals thrive on moments like today.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
