Black Friday, celebrated this year on Friday, 28 November 2025, is set to draw massive crowds both online and offline, with consumers eagerly hunting for heavy discounts and year-end deals. As the holiday shopping frenzy builds around the Black Friday sales, retailers and e-commerce platforms are gearing up for record-breaking traffic. However, along with booming sales comes a sharp rise in cyber risks. This raises questions about whether businesses are prepared for the threats that accompany the season’s biggest shopping days.
Scott Caveza, Senior Staff Research Engineer, Tenable, has issued a cautionary warning to retailers and online marketplaces as they enter this high-stakes period: “With the holiday season approaching fast, many are counting down for two of the busiest shopping days of the year, Black Friday and Cyber Monday. Retail stores and online marketplaces have no doubt been planning for increased traffic, but have they adequately prepared for the next cyberattack? As security professionals, we know that there’s never a “slow period” for bad actors and while many look forward to holiday travel, vacations and unwinding, malicious threat groups will seek opportunities to find and exploit any weak links threatening an organisation’s security posture,” he said.
Caveza further comments on the Black Friday sales: “Staying ahead of these threats requires an effective exposure management platform to give organisations a comprehensive view of the exposures and vulnerabilities putting their assets at the most risk. With over 302,000 registered common vulnerabilities and exposures (CVEs), security teams need to be able to prioritise and mitigate the vulnerabilities that matter the most. An exposure management platform ensures the team can identify assets and understand the tech stacks that drive them, providing better visibility into which vulnerabilities impact those assets.”
He also asserts that with the constant threat of opportunistic threat groups, security teams need full visibility into misconfigurations and insecure identities that could allow an attack to have a devastating effect in a matter of keystrokes: “As retailers rush to onboard additional servers and push updates to their websites, are they ensuring to scan their custom web applications for vulnerabilities or perform audits on their web server configurations to ensure these deployments are secure? While some e-commerce retailers may utilise off-the-shelf content management systems (CMS), others often deploy custom web applications.”
Caveza also adds: “In both cases, identifying vulnerabilities, weaknesses, and misconfigurations is vital in ensuring sales and transactions can continue securely. The holidays can be stressful, but a breach can have long-lasting impacts on an organisation and its customers. This holiday season, it’s imperative that security teams take a proactive approach to their organisation’s security. From IT assets, OT assets, cloud infrastructure, web applications, and identity, it’s not enough to just scan for vulnerabilities; security teams need to have the visibility and insights of the exposures that put them at risk. This holiday season, let’s keep attackers out in the cold and ensure we’re taking the right proactive steps to reduce risk, remediate exposures, and continue to move beyond reactive security.”
