Long before the clock ticks past midnight into the morning hours of Black Friday, excited shoppers are eagerly preparing to hit the pavement and the websites of their favorite retailers. Using ecommerce applications for retailers across the globe, everyone is scoping out potential buys in the hopes of finding those deals and the hot products that will make for the perfect present. However, one thing will be different this year, even as vaccination efforts are enabling physical shopping worldwide — retailers should expect customers to continue to avoid the crowds and stick to online shopping.
Every day, Cequence Security helps some of the largest retailers defend their web, mobile and API applications against today’s advanced automated attacks. So, we asked the experts on our customers’ teams for their advice on preparing for the rush. Below are four tips they shared for fellow ecommerce organizations gearing up for the 2021 holiday season.
Stress Test Everything
This one is a bit obvious, but it’s important to reiterate that your infrastructure is about to take a beating. Therefore, it’s critical to ensure that your ecommerce applications and everything they depend on won’t buckle under the increased load generated by both shoppers and the botting community. While not every team has the time and resources to simulate attack traffic, it’s something to consider if your organization can manage it. In particular, if you’re going to be releasing a hot, hyped product, be sure your team has scoped out ways to double (or quadruple) capacity and has worked through multiple risk scenarios so that you’ve got a plan of action before you’re in the heat of the moment.
Also, if you haven’t already, assign someone to track your infrastructure spend. Building a baseline over time will help you budget and potentially even uncover issues that may have gotten missed while providing valuable data to justify new security tools that might help.
Tidy up the Shop
There have likely been a few issues you’ve identified since the last busy season. Don’t wait. Prioritize those fixes that you’ve been putting off. If you can tackle them now, you’ll be in a much better position as the festive season arrives and the shoppers descend. Many organizations enter the holiday freeze on October 1st, and some even earlier. If you don’t take care of an issue now, you might not be able to touch code or tweak your configurations once you’re in code freeze and bot activity ramps up.
Clearly Define and Communicate Responsibilities
If you oversee a team, clear as many obstacles from their path as you can manage and clearly outline your priorities and goals as you begin to approach the starting line. If that means running a bit of defense between them and other requests so you can empower your team to focus on preparing, do it.
At the same time, be sure you’re not wasting cycles on something another team has already figured out or has made progress on. This collaboration uncovers where there are overlaps in responsibilities and identifies ways to help each other out and make the organization more efficient. Especially when it comes to threat investigations, if you see something weird, chances are someone else in your organization or industry is also observing it or has additional data and details that will help you resolve the issue downstream.
Identify Potential Risks and Fraud
Whether you’re dealing with content scraping to create fake marketplaces or account takeover attacks that target loyalty programs and identity/credential theft, it can be a lot for you and your infrastructure to deal with during the busiest time of year. So, mitigate what risk you can now, while you still have some time.
Even if you have bot mitigation measures in place, it is very likely that there is malicious activity that your current solution is not detecting. For example, if orders per minute are increasing so quickly that the backend is struggling to scale, it may be worth investigating further.
Bots adapt quickly, so even if your solution worked at the start, the botters may have retooled and identified ways to bypass your defenses. Fortunately, there are newer solutions, like Cequence API Spartan, that can react as quickly as the bots and maintain high efficacy to keep defeating those malicious bots.
The shopping bots are sure to be out in force again this holiday season, and they are smarter than ever. Unfortunately, you can be certain that they will be hard to differentiate from legitimate customer activity, and, if left unchecked, will lead to a poor customer experience, reduced inventory allocation, cost overruns and performance issues. Some retailers might wonder if it matters who gets the sale during such a busy season as long as inventory keeps moving, but research shows it can lead to dissatisfied guests and brand damage.
Good luck and best wishes to everyone who will shortly begin to prepare for the holidays!