SMBs urged to update software ahead of Black Friday

News
By published

NCSC identified 4,151 online shops compromised using vulnerability within e-commerce platform Magento

A pair of hands holding mobile phone showing payment success information on screen
(Image credit: Shutterstock)

Small and medium-sized businesses (SMBs) are being urged to update their software ahead of Black Friday and Cyber Monday to avoid financial and reputational damage.

The warning comes after the National Cyber Security Centre (NCSC) identified 4,151 online shops that had been compromised using a vulnerability within the e-commerce platform Magento. With 250,000 clients, the Adobe subsidiary is the third-largest e-commerce system globally, after WooCommerce and Shopify.

NCSC alerted the affected retailers of the vulnerability in late September, with Magento issuing a security patch on 12 October.

What is m-commerce? Hackers use Linux backdoor on compromised e-commerce sites with software skimmer The technology powering the future of shopping

All online businesses are being urged to update their software, as the mass shift to e-commerce since the start of the pandemic has caused more customers to shop online than ever before, increasing their risk of falling victim to online scams.

Hence, the NCSC has issued guidance on running a secure website and avoiding threats including skimming, which has been described as “a threat to all retailers” by British Retail Consortium assistant director Graham Wynn.

The trade association has urged “all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period”.

RELATED RESOURCE

Transforming specialty retail with AI

Future proof your retail business with AI

FREE DOWNLOAD

NCSC deputy director for Economy and Society, Sarah Lyons, said that the agency wants “small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period”.

“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” she added.

Last year, Check Point’s security researchers observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday, with phishing emails having increased by over 13 times in early November 2020. In December 2020, RiskIQ security researchers discovered around 37,000 fake retail websites set up to scam holiday shoppers, with 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas”.

Sabina Weston
Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.

More about business strategy
Cartoon-style recruitment concept image showing male job candidate sitting across desk from female hiring manage during an interview.

Tech talent shortages mean firms are scrapping traditional recruitment strategies
Agentic AI concept image showing a digitized human brain in purple color with interconnected data points.

AI is now vital to MSP growth, but adoption challenges could hamper success
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.

Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
See more latest
Most Popular
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.
Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle
UK cloud infrastructure set for boost amid $5 billion Oracle investment
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.
Cisco unveils new agentic AI tools to improve customer and employee experience
Thomas Kurian, CEO at Google Cloud, sat next to Demis Hassabis, CEO at Google DeepMind, Mark Read, CEO at WPP, and Allison Kirkby, CEO at BT Group, at the Gemini for the United Kingdom live event held at the Google DeepMind HQ in London.
Google Cloud announces UK data residency for agentic AI services
A hand on a keyboard in a dark room
Alleged LockBit developer extradited to the US
Github logo on a laptop computer arranged in the Brooklyn borough of New York, US, on Friday, March 31, 2023
Organizations urged to act fast after GitHub Action supply chain attack
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks