NAVA warns of four security bugs e-commerce businesses need to avoid on Black Friday

On the last Friday of this month, Black Friday occurs, a period characterized by promotions, but also by a considerable increase in fraud and scams. According to the Brazilian Yearbook of Public Security 2024, cyber crimes can grow up to 13.6% during this event. While much is discussed about how consumers can protect themselves against attacks, there are also strategies that e-commerce companies can adopt to prevent criminals from taking advantage of their information. 

The increase in traffic and online transactions during Black Friday puts e-commerce at risk.To help companies prepare, NAVA Technology for Business shares four mistakes that e-commerce should watch out for to increase security during Black Friday

1-Fragile technology infrastructure: Many sites are not prepared to support the high volume of access. It is essential to review all elements of the infrastructure, especially communication links, to ensure the stability of the digital environment.

2- Data security limited to Black Friday: security should be an ongoing process, integrated with corporate governance and not be a concern only at a specific time of year, as in the case of Black Friday. Companies that invest in secure development, test and implement robust security practices in the technology environment, whether in the cloud or on-premises, over the course of the year will be better prepared to face traffic peaks and threats.

3-Lack of the Zero Trust concept: traditional security controls may be insufficient for the current scenario. Implementing a Zero Trust approach that continuously validates users and devices helps protect the digital environment more comprehensively.

4- Lack of team training: It is vital that the teams responsible for the operation of e-commerce are trained throughout the year.Prepared professionals are able to identify and solve problems more efficiently during the Black Friday period.

Fraud Protection

In addition to the aforementioned checks, companies need to adopt specific technical care in the virtual environment. E-commerce in the cloud should follow practices that ensure security and compliance, starting with the definition of security responsibilities, separating the controls that are the responsibility of the cloud provider from those of the company itself. “A adherence to security standards, such as those of the Cloud Security Alliance (CSA), is also necessary to protect data and transactions. Regular reviews are recommended to ensure that all security controls are correctly implemented and working with a high degree of reliability”, says Edison Fontes, Chief Information Security Officer (CISO) of NAVA.

The executive also warns of the threat of increased use of Artificial Intelligence by cybercriminals. Although AI can be an ally for companies, organized crime also uses it for more complex attacks. The speed and volume of data that AI allows to process are exploited to increase the number and complexity of hacking attempts. “Anticipating these threats involves investment in AI Monitoring that identifies suspicious behaviors that may indicate the malicious use of AI”, adds the expert.