The retail and e-commerce sectors are top targets for financially-motivated cyber incidents year-round. Holiday sales and e-commerce transactions are excellent opportunities for cybercriminals.
The holidays have remained a heavy online-shopping season. Seventy-eight percent of holiday shoppers used approximately three channels for shopping, while 58 percent made online purchases last year. With this year’s pandemic and widespread lockdowns, the retail trends site, RetailMeNot, reports three in four people will be shopping online this season.
In Part II of this Black Friday Cybersecurity series, we look at how cybersecurity is the new competitive advantage for retailers. Check out Part I for 10 Tips to defend yourself as an online shopper.Â
Â
In a previous article, we detailed how cybersecurity investments are good for business. Today, cybersecurity is the third most important factor when consumers select retailers, even outranking attributes such as brand reputation and discounts.Â
Approximately 40 percent of consumers would be willing to increase their online spend by 20 percent or more if their retailer builds trust by enacting reliable cybersecurity controls. Improved cybersecurity and data protection measures could drive a revenue boost by about 5 percent. However, very few retailers are leveraging this opportunity that drives satisfaction and wins consumers’ trust.
The increased growth of online shopping caused by the pandemic will include a mixture of familiar and emerging attack vectors this year.
Be aware of some of these tactics that hackers use against retailers:
1) Phishing Scams: Cybercriminals cunningly design phishing scams masquerading as seasonal discounts from reputable brands.Â
2) Malicious Websites and Social Media Profiles: Malicious imitation websites and social media profiles are created for a sense of credibility while tricking unsuspecting shoppers.Â
3) Direct Attacks: Cybercriminals also launch direct attacks on businesses during the season. As a result of the holiday traffic, huge sales distract retailers from noticing malicious activities in progress. Hackers can use different attacks to target e-commerce sites to steal personal and payment information. They can add malicious links and scripts that steal data immediately upon a click. Â
4) Distributed Denial of Service (DDoS): Hackers target e-commerce sites with thousands of requests to slow or crash servers. The attack prevents genuine shoppers from making purchases.
5) Magecart and Web-Skimming: Magecart is a common attack tactic in the e-commerce sector. In most cases, retailers integrate external apps to run analytics, engagement, and adverts on their website. Subsequently, hackers use Magecart to exploit these third-party products installed on websites to steal financial information on checkout pages.
Retailers should prepare for cybersecurity risks with vigilance and reliable security controls. Here are some recommendations for how to make your retail organization cyber-resilient:
1) Security Awareness: People are your first line of defence against any cybersecurity attack. Inform and remind employees and customers about security and privacy tips. Proactively share with customers what security controls you have in place and the type of information you collect and how you store this information.
2) Vulnerability Assessment: An e-commerce business should conduct a third-party risk assessment for external components they integrate into their sites, mitigating the risk vendors present to your environment. A vulnerability assessment would help to identify the gaps in your security controls.Â
3) Incident Response Plan: No business is too small to be attacked. Develop an incident response plan so when an attack occurs, there’s no delay in action to identify and isolate the attack.
Unquestionably, the holiday season and increased shopping on e-commerce sites come with different cyber threats. Shopping sites collect payment and personal information, which require a high level of responsibility. Retailers should implement the right security measures to overcome the challenge and make the season profitable for sellers and safer for shoppers.
For more information, contact ISA today.