Black Friday multiplica pontos cegos de segurança nas empresas, alerta Tenable

As Black Friday and Cyber Monday approach, both physical and digital retailers rush to expand infrastructure, deploy new servers, adjust integrations, and update systems to support access peaks. In this scenario, the almost exclusive focus on availability and performance can hide a growing problem: the silent expansion of security blind spots across IT, OT, cloud, and web application assets, which may be exploited by malicious groups during the most critical time of the year for commerce.

According to Scott Caveza, Senior Research Engineer at Tenable, criminals do not go on recess. Unlike consumers planning time off and travel, attackers monitor the increase in transaction volume and look for weak links in organizations' security posture. With over 300,000 Common Vulnerabilities and Exposures (CVEs) registered on CVE.org, security teams face the daily challenge of prioritizing what truly matters, and mistaken decisions in this triage leave systems, consumer information, and other data at risk.

It is in this context that exposure management platforms gain relevance by offering a comprehensive view of assets, i.e., all the points of contact with the internet that companies possess. The technology helps identify which systems support business operations and shows how specific vulnerabilities can affect them. Instead of treating all flaws as equal, the goal is to understand which exposures, combined with weak identities and misconfigurations, amplify the real risk of attack.

The rush to launch promotions, customize websites, and integrate new payment methods also increases the attack surface. Custom web applications and CMS (Content Management Systems) require continuous scanning and audits to detect misconfigurations, vulnerabilities, and weaknesses that could compromise financial transactions and sensitive data. Insecure identities or excessive privileges allow a successful attack to occur in just a few steps, precisely when operations cannot stop.

“While many await holiday rest, attackers do exactly the opposite: they intensify their activities in search of any flaw that can be exploited,” states Caveza. “To reduce risk, organizations need visibility and actionable insights about the exposures that truly put their assets in danger.”

During the holiday season, the volume of deployments, updates, and integrations grows exponentially, increasing the likelihood of security-compromising failures. Environments involving IT, OT, cloud, identity, and web application assets require redoubled attention. It is not enough to identify isolated vulnerabilities: it is necessary to understand the context of exposures across the entire infrastructure.

Tenable's recommendations involve a proactive approach to identify relevant exposures, continuously analyze critical assets, and mitigate risks before they are exploited. Only then can companies move away from a reactive posture, keep attackers at bay, and maintain secure operations during the retail industry's busiest period of the year.