We live in a connected world which allows us to enjoy never-before-seen convenience, efficiency and access to information. With this connectivity, however, comes threats and recently the retail industry has been a main target for cyber-attacks. Retail cyber security is essential to guard against hackers and it is critical that retailers know the risks they face and how to protect themselves against attack.
The main reason that retailers are a prime target for cyber-attacks is mainly due to the rapid expansion of e-commerce. As part of the normal course of business, retailers operating online portals store personally identifying information (PII), including names, addresses, and card numbers for payment and marketing purposes.
On one hand this adds convenience to customers as shopping and purchasing is quick and easy, and on the other retailers are able to target their marketing more effectively. However, retailers’ focus on a hassle-free and personalised shopping experience sometimes means cyber security takes a back seat. This combined with the increased use of cloud-based systems and web applications, makes them easy pickings.
Many retailers also see cyber security as an added cost because the development, testing and maintenance of solid network security measures takes time and manpower, affecting the bottom line. But this way of thinking could prove even more costly down the road.
In a world where data is one of the most valuable commodities, retailers store and have access to a great deal of it. They also deal with a large volume of traffic, both small and large, and even more during predictable key sales periods, such as Christmas, Black Friday, Golden Week, etc. Hackers sometimes use this high traffic as a cover for cyber-attacks.
Of course, having customer or other important company information either stolen or held for ransom is not only financially damaging but also potentially disastrous for brand reputation. This information can also be used for identity theft, follow-on fraud and further phishing campaigns.
Many consumers are still wary of providing their PII online as it is, and a breach of this trust may mean a great deal will never use a particular retailer’s e-commerce portal again.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), most retail cyber-attacks target web applications, trying to access the server to obtain customers’ payment data for the perpetrators’ financial gain. As stated in the report:
“The number of physical terminal compromises in payment card-related breaches is decreasing when compared to web application compromises.
Attacks against e-commerce payment applications are satisfying the financial motives of the threat actors targeting this industry.”
Top cyber-attack methods include malware (particularly through 3rd party applications), hacking, and phishing. Cloud-based Internet of Things (IoT) devices connected to a network such as CCTV, POS, payment terminals, etc. are at particular risk due to the sheer number of potential access points, often outdated firmware, configuration errors, or bugs.
No retailer is too small to large to take action against cyber-attacks. Basic measures include educating staff on how to spot a phishing email, being familiar with the Open Web Application Security Project (OWASP) and employing experienced cyber security professionals operating under a comprehensive cyber security strategy.
These experts can be hard to find and costly to employ, however, but there are some alternative methods of ensuring retail network security. The Guardforce Real-time Insured Defence (GRID), for instance, is a 3-in-1 cyber-attack solution designed to provide comprehensive protection for all networked devices, as well as to protect business reputation from the effects of any data or security breach.
And with just a monthly subscription and no up-front costs, it is a very cost-effective solution for cyber security in the retail industry.
Regardless of the size of a retail business, or the type of information it holds, there is someone always trying to steal its data. It is therefore vital that retailers have a good understanding of the threats they face, focus resources on those threats, and take sufficient measures to address them.
Find out how here how Guardforce’s GRID retail cyber security solution can help protect your business.