Every year, retailers dedicate a tremendous amount of energy preparing to take advantage of the holiday shopping season that kicks off with Black Friday and Cyber Monday. They often institute an annual “holiday freeze” period to avoid affecting sales and technology performance with new technology or buggy patches. The reason is obvious: These are the two biggest shopping days of the year, according to IBM’s Digital Analytics Benchmark. With credit card numbers being shared through browsers, smartphones and tablets as well as in stores, it seems logical that cyberattackers would lurk behind the Christmas trees and big door-buster advertisements. Only this year, they didn’t.

My colleague Michelle Alvarez and I conducted some research on behalf of the Managed Security Services team around November’s shopping bonanza and the full year of 2014. Contrary to what most would have expected, we found that the majority of cyberattackers actually scaled back their hacking efforts during Black Friday and Cyber Monday.

When looking at the two-week period from Nov. 24 to Dec. 5, we found that the number of daily attacks dropped from 4,200 in 2013 to 3,043 in 2014. The number of breaches also decreased by more than 50 percent. As a result, only 72,000 records were compromised during this time frame in 2014, as compared to 4 million in the previous year.

This decline could be the result of attackers taking the holiday off. After all, there were some really good deals to be had. On the other hand, it could also demonstrate the effect increased user education has had on consumers. People are more wary than ever and, as a result, are less apt to click on the dancing Santa in that holiday e-card. The more likely explanation is that cybercriminals know retailers are keeping an extra-close eye on their digital security systems during these peak shopping days.

Holiday Shopping Season Targets

Despite this cyberthreat slowdown during the holiday shopping season, the retail and wholesale industries did emerge as the top industry targets for attackers in 2014. In the two years prior, manufacturing ranked first among the top five attacked industries, while the retail and wholesale industry ranked last.

Looking at this two-week period, one might assume that the good guys are winning the cyberbattle. Not so fast! When reviewing all of 2014, we found that cyberattackers stole more than 61 million records from retailers — down from almost 73 million in 2013. The drop might be encouraging, but when the data was narrowed down to only incidents involving less than 10 million records, we identified a different trend. The number of retail records compromised in 2014 increased by more than 43 percent over 2013. What’s also interesting is that attackers succeeded despite launching fewer attacks: Since 2012, the number of breaches reported by retailers dropped by 50 percent.

What this tells us is that cyberattackers are becoming increasingly sophisticated and efficient, achieving their ultimate goals through fewer attacks. Perhaps this success is the very reason they stayed offline during the holiday shopping season.

More from Retail

Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies

Whether it’s online or brick-and-mortar, every new store or website represents a new potential entry point for threat actors. With access to more personally identifiable information (PII) of customers than most industries, bad actors perceive retail as a great way to cash in on their attacks. Plus, attackers can duplicate attack methods more easily since retailers share similar cybersecurity infrastructure. The good news for retail is that the cost of a data breach in the sector remains low compared to…

Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: manufacturing. For the first time in over five years, finance and insurance were not the top-attacked industries in 2021, as manufacturing overtook them by a…

Magecart Attacks Continue to ‘Skim’ Software Supply Chains

Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack. Magecart is an association of threat actor groups who target online shopping carts, mostly from within the e-commerce platform Magento. The Magecart name is derived by combining ‘Mage’ (from Magento) with ‘cart’ (shopping cart). This type of attack is especially dangerous as it only…

Omnichannel E-commerce Growth Increases API Security Risk

Today, a lot of the digital innovation we see is largely thanks to the application programming interface (API). Without APIs, rapid development would be nearly impossible. After all, the API is the link between computers, software and computer programs. But wherever there’s a link, a potential data security weakness exists. Essential for modern mobile, SaaS and web applications, APIs are nearly ubiquitous in everything from front office, back office and internal applications. By nature, however, APIs expose application logic and…