The internet has changed the way that goods and services are bought and sold. The retail and e-commerce sector continues to undergo rapid transformation as consumer expectations increase.
We demand high quality experiences, products and services, on desktop and on mobile. On the back end, analytic engines, third-party integrations and digital payment systems all drive higher margins and increased profits. In sum, investment in technology and innovation is the new cost of doing business.
But these extraordinary innovations come with a price: an increased attack surface for cybercriminals to exploit and exposure to an increasingly virulent and sophisticated threat landscape.
The range of cyber risks that retailers now face is significantly broader, and the attacks themselves are more frequent than ever.
Today we publish a whitepaper – Cyberthreat intelligence for Retail & E-commerce – which provides trend information and guidance as we approach the busiest shopping period of the year.
This whitepaper focuses on the issues that confront the C-suite in retail and e-commerce today, including sector-specific threats against which organizations should defend themselves.
The whitepaper offers guidance to meet these challenges, including detail on how threat intelligence can mitigate the impact of a cyberattack:
- Why is the retail sector targeted?
- How retailers can manage their cyber-risk
- The role & benefits of threat intelligence
Commenting on the publication of the whitepaper, Daniel Solis, CEO & founder, Blueliv, stresses particular vulnerabilities for retailers.
“In the past we have observed cybercriminals taking advantage of an upsurge in activity during busy shopping periods with successful attacks. Expect attacks trying to compromise user accounts, infiltrate corporate networks, phish for PII and other sensitive customer information, infect shopping websites and harvest sensitive data.
“We’ve noted that fraud schemes even target rewards and loyalty programs, increasing the number of points on legitimate accounts to purchase cheaper goods. These attacks can result in huge financial losses, reputational damage and now a regulatory impact under the likes of the GDPR, which this year has finally found its teeth.”
Why is the sector targeted?
This industry is a prime target for cybercriminals because of the data its companies hold and can gain access to. The more valuable the data you hold, the bigger a target you become. For example, consumers’ PII is intrinsically linked to the payment or cardholder data needed to complete transactions, or is stored for targeted marketing later down the line.
Software vulnerabilities and customer databases that do not use a sufficient level of encryption are ripe for attack. An attacker who exploits either of these weaknesses can exfiltrate customers’ payment information, hitting the company’s bottom line through compensation costs, not to mention significant reputational damage and regulatory penalties.
Additionally, retail and e-commerce are particularly susceptible to phishing, cybersquatting and other social engineering attacks. A carefully crafted spoof site, for example, can be used for advanced phishing campaigns, spreading malware and capturing visitor information.
More specific to retail, payment technologies present a number of opportunities for attackers. It is surprisingly easy to install malware on PoS devices, for example, that records data on every card used in the machine. There are also strains of malware that can create backdoors elsewhere in the organization, persist and spread through the entire network to infect millions of PoS devices and harvest huge amounts of data. In a similar vein, a reliance on third parties can create a weak link in the chain.
What happens next?
Daniel continued, “retailers and e-commerce companies of all sizes can take proactive steps to understand why and how they are targeted by cybercriminals. Armed with the right defenses, they can manage their digital risk, minimize their window of exposure and deploy fraud prevention techniques. Brands need to be trusted, and a successful cyberattack can have a massive impact. Educating themselves on the risks out there can prevent customer attrition, and save both their sales and a considerable headache during the busy shopping season.”
The frequency and severity of cyberattacks are increasing across all sectors, and retail and e-commerce are no exception. A proactive, resilient cybersecurity posture is necessary to protect the enterprise, its customers and their data.
Download the report for information on the cybersecurity landscape for retailers, offering insight around trends, responsibilities for companies of all sizes, and finally the proactive steps that retailers can take to manage their cyber-risk effectively.
It is highly likely that more companies will be attacked in the coming months, which will result in heavy regulatory penalties. Alongside this whitepaper, we also encourage companies concerned about data breaches to read our GDPR report. When it comes to data breaches, it is not a matter of ‘if’ you get hit, but ‘when.’ Putting in place robust cyberdefenses and using tools to mitigate the impact of a breach can reduce your liabilities when the time comes.