Technological innovations have transformed our retail experience. The impact of emerging technologies such as artificial intelligence, IoT, and mobility are significantly improving the customer experience, while at the same time creating more opportunity for security breaches. The risk is compounded by the fact that each of these emerging technologies increases risk in two ways: first, by increasing the attack surface due to substantial growth in Internet-facing devices, and second, by creating exponentially more data—and bad actors are always looking for an easy path to exploitation.
Shockingly, 24% of all cyberattacks target retailers, making cybersecurity a paramount concern for this sector. A single data breach causes an average drop of 7.5% in publicly traded stock prices, according to Harvard Business Review, and, according to a Business Wire report in 2019, 21% of consumers will stop shopping with a retailer that has been breached. We have never met a retailer that could survive a 10% drop in overall traffic, let alone 20%.
Both Business Operational Leaders and IT Leadership need to work together to understand the threats, vulnerabilities, and their potential impacts on the long-term brand value. This issue is not an IT issue; cyberattacks are an organizational issue.
Most Common Cyberattacks in Retail
- Credential Phishing (30.43%): Attackers impersonate legitimate entities, often through email or fake websites, to trick employees into revealing sensitive information like login credentials.
- Malware (21.74%): Malware, malicious software designed to infiltrate systems and steal data, poses a significant risk to retailers. It can be delivered through deceptive emails or compromised software.
- Ransomware (13.04%): These attacks involve encrypting a retailer’s data and demanding a ransom for its release. Paying the ransom is not a guarantee of data recovery and may encourage further attacks.
- Distributed Denial-of-Service (DDoS) Attacks (10.14%): DDoS attacks disrupt online services by overwhelming them with traffic. For retailers, this means websites can become inaccessible during critical shopping seasons.
- Other Attack Methods (24.65%): While these statistics provide insights into common attack methods, retailers must remain vigilant against a wide range of other threats, including insider threats, supply chain attacks, and zero-day vulnerabilities.
It is crucial for businesses to take proactive measures to protect their systems, customers, and reputation. Such measures include:
- Continuous Employee Training: Even at the store level, retailers must invest in cybersecurity training for employees in connected omnichannel environments. All employees must embrace a strong cyber culture.
- Advanced Security Software: Implement robust endpoint Detection and response (EDR) and extended detection and response (XDR) solutions to detect and mitigate against exploitation-based attacks.
- Network Security: Employ network monitoring tools to detect and respond to DDoS attacks promptly. Consider cloud-based DDoS protection services for scalability and robust security.
- Secure Backup and Recovery: Regularly back up data, and test data recovery procedures to ensure business continuity. Ensure malware detection is part of the operational process.
- Third-party Risk Assessment: Evaluate the security practices of third-party vendors, and conduct third-party exploitation-based testing against your infrastructure.
In a world where omnichannel retail is the norm, retailers must be vigilant guardians of both their own and their customers’ data. At Connection, we understand the importance of creating a secure shopping experience and how it has a direct impact on your bottom-line profits. Engage our Retail Practice to learn more about the cybersecurity solutions we can help implement in your retail organization.