By Hemant Harie, Group CTO at Data Management Professionals South Africa
As local retailers gear up for Black Friday – the year’s biggest shopping event – the rush to process payments, manage stock and serve customers across multiple branches leaves many exposed to a surge in cyber threats. From an IT perspective, Black Friday typically translates into an exponential spike in traffic for retailers, placing a significantly higher demand across infrastructure such as online platforms and cloud environments. This surge in activity poses risks, as cybercriminals often exploit system vulnerabilities while retailers’ IT teams typically focus on uptime and performance, which can leave security gaps overlooked.
Cybersecurity today is deeply intertwined with data management, and when dealing with operations spread across multiple provinces, with varying connectivity between branches, warehouses and head offices, it quickly becomes apparent how fragmented the landscape can be.
Retailers often make infrastructure decisions based on location, connectivity quality, or revenue potential. While understandable, this creates significant disparities across systems, and those disparities become blind spots.
The real vulnerability
For example, while the data centre infrastructure might be managed with precision, in line with best practices and robust security principles, at the branch level, the retailer may have point-of-sale systems running outdated software, disconnected from the broader security framework. That is the weak link, and it is not just theoretical, but a real vulnerability.
Ransomware tops the list of threats faced by retailers and is almost always the entry point. Whether through phishing, compromised credentials, or insider mistakes, attackers get in, encrypt everything and demand payment, which sometimes escalates to double or triple extortion.
Black Friday amplifies this risk, and threats such as Distributed Denial-of-Service (DDoS) attacks also spike, especially targeting payment platforms. If retailers cannot transact, business grinds to a halt.
Retailers must face the reality that their endpoints are the weakest link. Because centralised systems offer better control, many large enterprises are moving back to office-based models. Remote work, by contrast, often relies on unsecured home setups and public Wi-Fi, making it easy for attackers to exploit.
Any connection to your retail network must be protected. Additionally, credential theft and social engineering are rising, with billions of leaked records enabling attackers to impersonate staff and launch targeted campaigns.
Disruption means instant revenue loss
Disrupting a retailer’s e-commerce or point-of-sale system means instant revenue loss. Transactions stop, and customer experience takes a major hit, especially if attackers go beyond the store and target customers directly.
Brand trust also suffers as most consumers will not return to a retailer if they feel exposed by a breach. And with regulations like DORA, GDPR, and POPIA in play, the fallout is not just reputational, but also financial and legal. A breach could trigger compliance violations, insurance claims and regulatory scrutiny.
Cyber resilience depends on four elements: visibility, tested backups, proactive simulations and human awareness. It is not about having protection but about knowing it works.
As retailers try to balance the need for fast transactions and customer service with robust data protection measures, they need to understand that the world has changed, and so must their approach to infrastructure and backup. Backup environments now require the same rigour as production systems.
Strong platform and endpoint protection
Fast, secure transactions depend on robust platforms and strong endpoint protection. Monitoring across distributed environments is critical, and service providers must understand the full stack: infrastructure, backup and security. AI and automation are also essential, and while modern backup tools include threat detection and anomaly response, they must be tested to ensure they’ll work when needed.
The next step is integration. Backup and security platforms must communicate to deliver real-time visibility, speed and resilience. That is how organisations can stay ahead of today’s threats without sacrificing performance.
Ultimately, cybersecurity is a company-wide responsibility and starts with recognising that protection must extend across the entire retail ecosystem: infrastructure, endpoints, people and processes. Every connected component is a potential entry point that must be protected.
