This is the first in a series of articles, featuring exclusive insight from Richard Meeus, EMEA director of security technology and strategy at Akamai and Stephen Faulkner, chief technologist for security at CDW UK.
There’s no time in the retail calendar as vital as the Golden Quarter. According to Adobe data, UK consumers spent an eye-watering £1.12 billion on Black Friday alone in 2024. Needless to say, getting your strategy in place for another record-breaking year is paramount. However, after a tumultuous year for retail security, many will be anxious about the effect that cyber criminals could have on their profitability in this essential time.
As the chaos of H1 2025 taught us, cybercriminals are circling and they are indeed smarter, faster, and more ruthless than ever. The attacks that rocked several major retailers this spring proved two things at once. The first is that artificial intelligence is giving criminals an edge that most businesses are still unprepared for. The second may come as a surprise; some of the most devastating breaches can start with the simplest tricks.
“It doesn’t matter how much you talk about AI and how that’s going to facilitate fantastic new hacking techniques and tools,” says Richard Meeus, EMEA director of security technology and strategy at Akamai. “The fact is, they rang up somebody, and they gave them a password. It’s basic level stuff. Once you’re in the network, everything changes.”
Simple tricks, catastrophic fallout
This simplicity is part of what makes today’s retail cybercrime landscape so dangerous. Stephen Faulkner, chief technologist for security at CDW UK, points out that attacks are rarely a single event, but a chain of carefully planned steps.
“Some of these events are a long time in the planning,” he explains. “The identity-based breach, getting hold of that file or that compromised account, wasn’t just as simple as calling up. They did the social engineering work beforehand, sometimes months in advance.”
Once inside, attackers don’t rush. They “live off the land”, blending in with normal users and using everyday tools like Secure Shell Protocol (SSH) and Remote Desktop Protocol (RDP) to quietly map out an organisation’s systems. When the moment is right, the ransomware or data exfiltration follows, often long after defenders could have noticed.“The average dwell time used to be around nine months in Europe,” notes Meeus. “So being inside for a month or two, like we saw this spring, is actually pretty efficient.”
It doesn’t matter how much you talk about AI and new hacking techniques. The fact is, once bad actors are in the network, everything changes, and you won’t know about it until it’s too late.
Richard Meeus, EMEA director of security technology & strategy, Akamai
AI as a force multiplier for attackers
The fear now is how AI accelerates this chain. Faulkner says criminals are using generative AI and deepfake technology to supercharge traditional social engineering.
“They can scrape data and correlate it from LinkedIn, Facebook, Instagram, everything, and get really distinct messaging,” he says. “They can even clone a voice in minutes. It used to take hours to make a convincing fake. Now, with just minutes of someone’s voice, you can mimic them perfectly. That makes it so much easier to call a help desk, pretend to be an employee, and get in.”
Meeus agrees, but stresses that AI hasn’t rewritten the rules, it’s simply drastically lowered the barrier to entry. “There’s a democratisation of attacks,” he says. “The attacks we already know about are now being done by more people, because they can leverage AI to do the heavy lifting.”
In other words, AI may not create entirely new threats, but it makes old ones harder to spot and more frequent. And for retailers, peak season is when those threats are most likely to strike.
The psychology of cybercrime
If today’s cybercrime is efficient, persistent, and AI-assisted, it is also deeply psychological. “Attackers are psychologists,” says Faulkner. “They know when to hit you and how. Look at the retail attacks over Easter. They came when offices were empty, when retailers were trying to make the most of the holiday trade. Attackers know you’re stretched, they know when your guard is down.”
This psychological element extends to targeting staff. Retail is full of employees who post proudly about their new role online. Meeus warns this information is exactly what attackers look for.
“They’ll go on LinkedIn, see someone new, and immediately try to exploit them,” he says. “‘Hi, this is Jeff from the CFO’s office, we just need your bank details…’ The naivety is exploited straight away. Some retailers now run security awareness sessions on day one, before an email account is even issued.”
Prevention is still better than cure
If this all sounds unnervingly hard to stop, that’s because it is. But both experts stress that the fundamentals still matter most. Strong authentication, secure coding, data encryption, network segmentation and, crucially, staff education remain the foundations of protection.
“You can’t just focus on AI-driven anomalies,” says Faulkner. “If the basics aren’t right, attackers will still get in.”
Meeus echoes the point: “Don’t believe the AI hype. Yes, attackers are using it. Yes, defenders can use it. But a huge number of breaches still come down to someone handing out a password.”
Why peak season is the perfect storm
The spring breaches were devastating because of their timing, but experts warn the trading period during the Holidays is an even bigger target. Retailers are more reliant on digital channels than ever, their staff are stretched thin, and customer impatience is at its peak.
As Faulkner puts it: “Cybercrime has become an industry in its own right. They apply business logic. They know when you’re busiest and most vulnerable, and that’s when they’ll come.”
For retailers, the uncomfortable truth is that peak season is also peak vulnerability. And if AI has given attackers a louder, faster, more convincing voice, retailers cannot afford to treat security as an afterthought.
As we head into this most critical trading window, the message is a clear one. AI-driven threats are rising, and peak season is the perfect storm. But awareness is only the first step. In the second part of this series, we’ll explore how to overcome these challenges and protect your business from attack, with practical strategies to keep both profits and customers safe.
About CDW
Founded in 1984, CDW is a leading multi-brand technology solutions provider to business, government, education, and healthcare customers in the United Kingdom, and more than 170 countries across the globe. With more than 13,000 global coworkers – including 1,600 in the UK – we help you achieve your goals by delivering integrated technology solutions and services that maximise your investment.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.
To ensure your business is ready for anything and well protected, Click Here to book a meeting with a cyber security expert, or visit uk.cdw.com or akamai.com
Click here to sign up to Retail Gazette‘s free daily email newsletter
