Tenable’s Scott Caveza Warns Retailers and Online Marketplaces on Looming Cyber Threats during Black friday 2025.
“With the holiday season approaching fast, many are counting down for two of the busiest shopping days of the year, Black Friday and Cyber Monday. Retail stores and online marketplaces have no doubt been planning for increased traffic, but have they adequately prepared for the next cyberattack? As security professionals, we know that there’s never a “slow period” for bad actors and while many look forward to holiday travel, vacations and unwinding, malicious threat groups will seek opportunities to find and exploit any weak links threatening an organisation’s security posture.
“Staying ahead of these threats requires an effective exposure management platform to give organisations a comprehensive view of the exposures and vulnerabilities putting their assets at the most risk. With over 302,000 registered common vulnerabilities and exposures (CVEs), security teams need to be able to prioritise and mitigate the vulnerabilities that matter the most. An exposure management platform ensures the team can identify assets and understand the tech stacks that drive them, providing better visibility into which vulnerabilities impact those assets.
“With the constant threat of opportunistic threat groups, security teams need full visibility into misconfigurations and insecure identities that could allow an attack to have a devastating effect in a matter of keystrokes. As retailers rush to onboard additional servers and push updates to their websites, are they ensuring to scan their custom web applications for vulnerabilities or perform audits on their web server configurations to ensure these deployments are secure? While some e-commerce retailers may utilise off-the-shelf content management systems (CMS), others often deploy custom web applications.
“In both cases, identifying vulnerabilities, weaknesses and misconfigurations are vital in ensuring sales and transactions can continue securely. The holidays can be stressful, but a breach can have long lasting impacts on an organisation and its customers. This holiday season, it’s imperative that security teams take a proactive approach to their organisation’s security. From IT assets, OT assets, cloud infrastructure, web applications and identity, it’s not enough to just scan for vulnerabilities, security teams need to have the visibility and insights of the exposures that put them at risk. This holiday season, let’s keep attackers out in the cold and ensure we’re taking the right proactive steps to reduce risk, remediate exposures and continue to move beyond reactive security.” — Scott Caveza, Senior Staff Research Engineer, Tenable