
Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business

  • Black Friday Cyber Threats: As retail sales peak, cybercriminals ramp up attacks, targeting vulnerabilities in retail businesses during the holiday rush.
  • Retailers Under Siege: In 2025, a significant number of retailers, including major brands, experienced increased cyberattacks, highlighting the urgent need for enhanced cybersecurity.
  • Essential Security Measures: Implement comprehensive strategies such as employee training, securing POS systems, and adopting a Zero Trust Architecture to safeguard against emerging threats this Black Friday.

Black Friday is only days away, and despite many stores sneaking holiday decorations onto their shelves since mid-September, it marks the official start of the December shopping frenzy.

The coming days will not only bring a massive surge in sales, but also an equally large spike in cyber threats. For retailers of all sizes, this peak season is prime time for cybercriminals to exploit vulnerabilities. The 2025 LevelBlue Futures Report: Aligning Cyber Resilience and Business Goals in the Retail Sector highlights a critical disconnect: as attacks become more sophisticated, many retailers are confident yet underprepared.

One example of these threats was uncovered this week by the Trustwave MailMarshal team. On November 25, it issued a scam alert on fraudsters impersonating Costco in multiple fake Thanksgiving turkey dinner giveaway scams.

The bogus emails ask users to answer a survey, which eventually leads to a phishing page that collects personal and financial information.

Figure 1. The images above show the process that threat actors are using to obtain information.

The Threat Landscape: Why Black Friday Is a Target

Retail sector attacks in 2025 have been widespread and devastating, having caused severe operational issues even for prominent retailers like Harrods, Marks & Spencer, and Victoria’s Secret.

The continuing threat actor focus on retail, combined with the intense pressure of Black Friday, only amplifies the risk.

The positive takeaway from these attacks is that they are forcing the C-Suite to take notice of their cybersecurity posture, but a gap remains between awareness and defense capability.

  • High Volume of Attacks: 44% of retail executives report experiencing a significantly higher volume of attacks than 12 months ago, with 34% having suffered a breach in the past year.
  • AI-Powered Threats Loom: Organizations expect a rise in AI-powered attacks, deepfakes, and synthetic identity fraud in 2025. Worryingly, only 25% say they are prepared for AI-powered threats, even though 45% expect them.
  • Overconfidence is a Risk: 49% of executives feel highly competent at defending against AI adversaries, but this confidence can lead to complacency. Even confident teams can miss fast-evolving threat vectors without clear, organized oversight.

The data is clear: the threat is real, rapidly evolving, and is not slowing down for the holidays.

Six Critical Steps to Cyber Resilience for Black Friday

To protect your business and customers during the busiest shopping event of the year, you must integrate comprehensive cyber resilience into your immediate Black Friday preparation plan.

1. Prioritize Employee Training and Phishing Defense

Your staff is your first line of defense, especially against social engineering attacks, which are becoming more persuasive thanks to AI.

  • Educate Staff on Phishing Scams: Ensure employees know how to recognize and report suspicious emails, links, or attachments, especially those involving payments or sensitive data. 63% of executives say it's becoming more difficult for employees to identify real threats.
  • In-Store Fraud Awareness: Train staff to spot physical credit card fraud. Look for poor-quality holograms/logos, irregular card embossing, tampered signature panels, and suspicious customer behavior (e.g., nervousness, rushing, insisting on multiple declined cards).
  • Strong Authentication: Enforce the use of unique, complex passwords and Two-Factor Authentication (2FA) for all systems accessing sensitive information.

2. Secure Your Point-of-Sale (POS) and Payment Systems

POS systems are a primary target as they handle sensitive financial information.

  • Keep Systems Updated: Regularly update all POS software and hardware with the latest security patches to close known vulnerabilities.
  • Network Separation: Isolate your POS network from guest Wi-Fi and other operational networks using firewalls and anti-malware protection.
  • Modern Payment Security: Adopt EMV chip readers and accept digital wallets (Apple Pay, Google Pay), which use tokenization to avoid sharing actual card information, significantly reducing fraud risk.
  • Online Sales Authentication: For e-commerce, implement CAPTCHA to block bots and 3D Secure Authentication for credit card payments to verify the customer's identity during checkout, reducing card-not-present fraud.

3. Strengthen Your Software Supply Chain

The holiday season often involves integrating new tools or working with more vendors. Retail organizations are underestimating the risks posed by their ecosystem.

  • Increase Visibility: 47% of executives have very low to moderate visibility into their software supply chain. You must push for better insight.
  • Vet Third-Party Vendors: Only 22% of retailers prioritize engaging with suppliers about their security credentials. Immediately vet all third-party apps and services used for e-commerce, payment processing, or customer management.
  • Limit Access: Only grant vendors the minimal access they need. Immediately revoke access for any vendor or integration no longer in use.

4. Adopt a Proactive, Zero Trust Architecture

Move from a reactive to a proactive security posture. A Zero Trust Architecture (ZTA) is a foundational strategy for a multi-layered defense.

  • Move to ZTA: ZTA helps identify suspicious behavior quickly by implementing the principle of "never trust, always verify". While only 32% of retailers are making a significant investment in ZTA, it is a critical investment that provides additional layers of protection against unpredictable threats such as ransomware and sophisticated attacks.
  • Invest in Resilience: Focus investments on Application security (66%) and Cyber-resilience processes across the business (65%) to get ahead of risks.
  • External Support: 45% of retailers intend to work with threat intelligence providers in the next two years. Engage external specialists for training, incident response planning, and to help strengthen your defenses.

5. Safeguard Customer Data

The risk of a data breach is highest when transaction volume is high.

  • Limit Collection: Only collect the customer information you absolutely need for the transaction.
  • Encryption is Non-Negotiable: Use encryption to protect sensitive data both in transit and at rest. Ensure any stored customer information is securely encrypted and maintained in compliance with standards like PCI DSS.
  • Regular Data Backups: Have an automated, tested, and secure data backup plan. Store backups in a separate, secure location (like cloud storage) disconnected from your main network to ensure you can recover quickly from a ransomware or data-loss event.

6. Push Cyber Resilience Up the Organization

For security measures to be effective during a crisis like a DDoS attack or a breach, they must be supported from the top down.

  • Boardroom Engagement: Increase engagement among leadership so that cyber resilience is viewed as a core business function, not just an IT issue.
  • Accountability: 51% of executives say leadership roles are measured against cybersecurity performance indicators—this needs to be an organization-wide mandate to foster a resilient culture.
  • Alignment: Integrate security into business decisions from the beginning, including allocating a cybersecurity budget for new initiatives right from the start.

The Black Friday 2025 shopping season will test the resilience of every retailer. By leveraging insights from the 2025 LevelBlue Futures Report: Aligning Cyber Resilience and Business Goals in the Retail Sector and implementing these protective measures, you can move past overconfidence and transform your cybersecurity into a competitive advantage, ensuring a secure and profitable holiday.

ABOUT TRUSTWAVE

Trustwave, A LevelBlue Company, is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience.
