The Cyber Threats Looming Over Retail's Golden Quarter

The festive trading window, from Black Friday to Christmas, brings immense operational pressure.
For retailers and manufacturers hit by cyber attacks this year, including M&S, JLR and Balenciaga, the challenge is twofold: navigating recovery while managing complex staffing and logistics.
The mix of seasonal hiring, increasing online demand and a heightened threat landscape makes identity management a critical security control.
Cyber risk and peak season procurement
The 'Golden Quarter' is when retailers generate a large portion of their yearly revenue, but the associated cyber risk is just as considerable.
Major security incidents have shown how a ransomware attack or data breach can halt warehouse operations, disrupt logistics and damage consumer trust, making robust protection a business necessity.
Exceptional online traffic and transaction volumes make digital channels the backbone of peak trading. Any system compromise has immediate consequences for customers, amplifying reputational and financial fallout.
Rex Booth, Chief Information Security Officer at SailPoint, says businesses will be “betting on the Golden Quarter and Black Friday to rebuild customer confidence and boost sales following the slew of cyberattacks this year”.
He warns that vigilance is essential as increased digital activity attracts malicious actors, adding: "Organisations will be onboarding huge volumes of seasonal staff at speed, many of whom will be given instantaneous access to critical systems without proper training and with minimal vetting. Businesses need visibility of who can access what and when – or else an influx of staff coming and going could become a gateway for attackers.”
Seasonal staffing and identity security risks
Retailers add thousands of temporary workers during peak season, with onboarding accelerated to days or even hours.
To maintain pace, temporary staff get rapid access to point-of-sale systems, order management platforms and support tools – often with limited security training.
This rapid onboarding creates considerable identity sprawl. Shared logins, generic accounts and manual spreadsheets to track access rights create blind spots for attackers.
When the season ends, these temporary accounts are not always revoked promptly. This leaves dormant credentials and over-privileged profiles as potential vulnerabilities into the new year.
“Identity security tools automatically deactivate dormant accounts of departing employees and ensure current staff only have access to what’s needed for their roles – no more, no less. This makes it harder for attackers to fly under the radar undetected,” Rex explains
“In today’s threat landscape, it only takes one compromised identity and retailers could be facing weeks – or even months – of operational chaos and disruption.”
The operational impact of a compromised identity
Modern retail operations are highly integrated, with inventory, payments, logistics and customer data platforms interconnected.
A single compromised identity with broad access allows attackers to move laterally across critical business systems. The impact extends beyond data loss. A security incident can lock employees out of core systems, halting order processing, delaying deliveries and forcing manual workarounds at the busiest time. A breach and the negative press can reverse months of work rebuilding consumer confidence, as seen in cases involving Harrods, JLR, M&S and Co-op.
Businesses must assume some identities will be compromised through phishing or social engineering – even with strong access controls.
Monitoring identity usage for anomalous patterns, like unusual logins, is a crucial second line of defence. Platforms like SailPoint use behavioural analytics to flag risky activity without overwhelming security teams.
In a high-traffic context like Black Friday, this intelligence can mean the difference between catching an intrusion early and discovering it after significant damage has occurred.



