— By Paul Hafen —
The importance — and urgency — of cybersecurity in the retail industry post-pandemic.
The retail industry has completely transformed over the past few years, and more changes are on the way. As customers hunkered down during the pandemic, online shopping became incredibly popular, forcing retailers to up their game. While companies ramped up their e-commerce services, something that often got overlooked was cybersecurity. Because retailers lagged on implementing cybersecurity during their e-commerce boom, there is an increasingly urgent need to improve cyber defenses in 2023 and onward.
Two parallel trends have emerged. The first is the need for more technology integrations on the retailer side. To compete in an increasingly online marketplace, retailers continue digitizing and implementing technology solutions to streamline both customer experience and profit. However, each additional piece of technology is also a potential threat vector if cybersecurity is not executed in lockstep with the improvements. These upgraded technology features are leaving company and customer data exposed to bad actors.
Unfortunately, the second trend is that hackers are aware of the holes in seller security. Retail has been hit hard by ransomware attacks: two out of three companies were hit in 2021, a 75% increase from the previous year. It’s safe to assume that the attacks will continue until the sector is able to successfully combat them.
Retailers have a great deal to lose from data breaches, as customer trust and reputation are especially critical for a successful online business. Sixty-two percent of senior retail executives noted that a major concern is reputational damage and losing clients due to a cyberattack. Close behind were worries over financial damage caused by having to pay ransoms, reduced productivity while managing the situation, and loss of intellectual property and customer data, all part and parcel of damaging and increasingly frequent ransomware attacks.
Despite the urgency, many reported data breaches are attacks of opportunity, besieging those retailers that simply don’t have their defenses up to snuff. To prevent ransomware attacks, companies need to make changes right away, starting with bolstering threat detection, investing in cybersecurity software, strengthening data storage and recovery solutions, as well as training staff to not unwittingly allow malicious elements into the company’s systems. That human element is especially critical; even the strongest software solution can be compromised if an employee accidentally clicks on a phishing email or is tricked into sharing their login credentials with an outside party. This carries over when dealing with third-party vendors; companies would also do well to ensure they are utilizing a secure remote access solution that can manage, log and audit vendor access to networks and devices.
The overall direction of the retail industry’s use of data is creating ever-more appetizing targets for hackers, and subsequently amplifying the damage done by any potential cyberattack. Following the upcoming deprecation of third-party cookies in 2024, retailers will have more reason than ever to closely safeguard their customer data. The industry as a whole is shifting toward first-party data — that which is freely offered by the customer and, as a result, is significantly more valuable to the business. Unfortunately, this same data can also be a veritable holy grail for hackers looking to exploit such personal information to more easily manipulate and scam unsuspecting people. It will be all the more catastrophic should a malicious actor make off with the sensitive information provided by customers directly to their preferred retail establishments, both for the customers themselves and for the retailers who need to face the consequences of such a severe breach of trust. Companies that want to stay ahead of the curve need to advance their cybersecurity now, or they are inviting a future ransomware attack.
Today’s retail sector relies on e-commerce to attract and retain shoppers. Customers have become accustomed to shopping online, and retailers are incorporating technology advancements to facilitate this latest shopping experience. These changes need to be fortified with cybersecurity updates. Without protecting vital company and customer data, retailers leave themselves and their customers vulnerable to ransomware attacks. The best way to thwart relentless attacks from bad actors is to establish an equally uncompromising commitment to implementing cybersecurity solutions — not just once, but consistently, to match evolving threats and eroding defenses.
— Paul Hafen is a cybersecurity expert at Impero Software. For more than 20 years, he has consulted on defense-in-depth strategies for senior leaders of IT and security.