By Alan Hawkins, General Manager: Cybersecurity and Software
Online retailers have always been a compelling target for cyber criminals, as they collect, process, and store ever-burgeoning amounts of customer information, including Personal Identifiable Information (PII) and credit card details.
Concurrently, the proliferation of mobile apps and cloud storage options is widening the attack surface, and giving cybercriminals many more attack vectors to work with.
Furthermore, many retail entities are a hybrid of brick-and-mortar facilities and ecommerce platforms, and to manage these ecosystems, they employ a range of technologies, including Point of Sale (PoS) systems, cloud-based solutions, physical security systems and more. However, this fuels complexity and comes hand-in-hand with many cybersecurity risks.
Retailers have to deal with a range of cybersecurity issues including:
Distributed Denial of Service attacks (DDoS)
The use of third-party plugins which are not secure
Firstly, financial fraud comes in many forms. It might involve attackers getting access to customers’ personal information or payment information, then selling that information on the dark Web. It could also involve bad actors using stolen credit card information to make illegitimate purchases from online retailers.
Next, bad bots are all over the web, furtively gathering information about customers’ habits and behaviours. Unfortunately, unscrupulous competitors could use these bots to gather information about their rivals’ inventory and pricing, and then use that information to undercut them. Similarly, malefactors could send malicious bots to ecommerce checkout pages to buy large quantities of a popular product and then sell it on at a much greater cost.
When it comes to automated attacks, a 12-month analysis by Imperva Threat Research that delved into threats that target retailers revealed that attacks on websites, applications, and APIs throughout that time frame, and more so during the holiday season, are a major risk. The research showed that automated threats, such as account takeover, credit card fraud, web scraping, API abuse, and more, caused nearly two-thirds (62%) of security events for ecommerce sites.
Online shoppers are constantly being targeted by phishing scams, sometimes based on special offers or bargains that are impossible to resist. Unfortunately, clicking on these links takes users to a phishing page aimed at getting shoppers’ credit card details or other login credentials. These emails are cunningly crafted to defy all but the closest examination, and often contain logos, URLs, and other information that appears to be the real deal.
Spam and more spam
Spamming is another issue that online retailers have to deal with. In an attempt to get their hands on personal data, or bring a website into disrepute, spammers sometimes leave links or comments on a retailer’s website that contain malware-laden links, which lead the user to a fake website that exposes them to malicious tools.
Ransomware is everywhere
The scourge of ransomware is another thorn in the side of the retail industry. More than three-quarters (77%) of retail entities around the world were targeted by ransomware in 2021, a staggering 75% increase from the year before, when 44% reported being attacked. These were the findings of The State of Ransomware in Retail 2022, a report by Sophos, which also found that retail had the second highest rate of ransomware attacks last year of all sectors surveyed after the media, leisure, and entertainment industry.
Retail entities also have to deal with distributed denial of service (DDoS) attacks, which happen when their servers become overwhelmed by a barrage of requests from a variety of IP addresses, most of which are untraceable, and which cause their servers to crash. This means the retailer’s website is unavailable to buyers, which can dramatically impact sales.
Awareness is everything
While this sounds like a lot to comprehend, being aware is the first and most important step. Retailers who are aware of these threats can do much more to protect themselves and their customers. Importantly, they should build a good relationship with an industry expert security partner. To assess your security requirements and understand your business's weak points, reach out to us at Tarsus Distribution for advice on which technology solutions are best equipped to pre-empt these threats.
After all, as the retail industry becomes more highly digitised, the need for a thorough and robust cybersecurity strategy is ever more critical. Retailers have access to massive amounts of valuable customer data, storing more personal information than ever before.
Keeping this data safe and out of the hands of attackers is key to maintaining customer trust, and keeping buyers returning again and again. However, this isn’t easy, as retailers also need to ensure top security without impacting the user experience, and so balancing cybersecurity with operational efficiency is another tightrope they need to walk.
Again, with the help of a trusted partner, they can achieve this balance by implementing the right security solutions that are tailored specifically to integrate seamlessly with current environments and customer safety.