With more people making purchases from home, securing your business against retail security threats is more important than ever. More and more customers are moving to online orders, and that gradual growth was accelerated by five years in 2020 alone. Take a look at retail cybersecurity risks and how to protect against them.

How to Protect Customer Data

One key obstacle to good retail cybersecurity in the age of e-commerce is greater complexity when it comes to customer data security. To digitize, retailers need access to data. They need customer demographics in order to refine their marketing campaigns and inventory stats to remain stocked. They also need customers’ personal and financial information in order for shoppers to seamlessly shop and pick up where they left off, whether they’re shopping on a mobile phone, a laptop or in a store.

Next, retailers need to store all of this data and use it in a meaningful way. So, they invest in cloud-based storage plans along with feature-rich web stores, updated point-of-sale (POS) terminals and/or redesigned mobile apps. These assets increase the amount of data that’s making its way throughout their network. They also create new points of entry from which threat actors can try to launch an attack.

As an example, threat actors are increasingly turning away from POS malware and toward credit card skimmers. The latter sometimes involves injecting malicious code into e-commerce checkout pages, where the code uses self-removal and other techniques to evade detection. Other times, attackers leverage steganography to conceal malware within images or otherwise obscure the data theft process.
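One way to check a checkout page for injected skimmer code, as an added example that is not part of the original article: the Python code below inventories every script on a page snapshot and flags scripts from unapproved hosts, third-party scripts without a Subresource Integrity hash, and inline scripts whose hash is not on an approved list. The host names, the approved list and the sample page are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

PAGE_HOST = "shop.example"                          # assumed storefront host
ALLOWED_HOSTS = {PAGE_HOST, "js.payments.example"}  # assumed approved script hosts

class ScriptCollector(HTMLParser):                  # gathers every <script> element
    def __init__(self):
        super().__init__()
        self.scripts, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        if self._in_script:
            self.scripts.append({"attrs": dict(attrs), "body": ""})
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1]["body"] += data

def sha384_b64(text):
    return "sha384-" + base64.b64encode(hashlib.sha384(text.encode()).digest()).decode()

def audit_checkout(html, approved_inline):  # returns (reason, detail) findings
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        src = s["attrs"].get("src")
        if src:
            host = urlparse(src).hostname or PAGE_HOST  # relative URL: same host
            if host not in ALLOWED_HOSTS:
                findings.append(("unapproved-host", src))
            elif host != PAGE_HOST and not s["attrs"].get("integrity"):
                findings.append(("missing-sri", src))   # third party, no hash pin
        elif sha384_b64(s["body"]) not in approved_inline:
            findings.append(("unapproved-inline", s["body"].strip()[:40]))
    return findings

# Constructed checkout snapshot; only the cartId inline script is approved.
SAMPLE = """<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://js.payments.example/extra.js"></script>
<script src="https://cdn.unknown.example/a.js"></script>
<script>window.cartId = 'c-1001';</script>
<script>/* constructed stand-in for injected code */</script>"""
APPROVED = {sha384_b64("window.cartId = 'c-1001';")}
print(audit_checkout(SAMPLE, APPROVED))  # three findings on the sample
```

A snapshot audit only sees what the server delivers, so code that loads later or removes itself also needs a check made in the browser.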

Fraud can also threaten retail cybersecurity. It begins with a digital attacker breaking into a real shopper’s account or using upfront staging to set up an account of their own. They use this to make that account seem honest for a period of time. Then, the attackers use those resources to conduct schemes, such as reshipping scams. They purchase high-end goods, such as jewelry or computers, using stolen credit cards and have them shipped to unwitting ‘reshippers.’ Those people repackage the merchandise and ship it around the world in order to be resold.

Retail Cybersecurity Threats: A Challenge to Digitization

These retail cybersecurity threats aren’t doing business owners any favors. In a 2020 survey, 34% of respondents said concerns surrounding cybersecurity were their primary challenge in moving forward with a digital plan and entering into the world of e-commerce.

The same proportion of survey participants cited retail cyber attacks or privacy breaches as their most serious digital threat — above disruption by industry rivals (23%), disruption by industry outsiders (17%), poor customer experience (14%) and commoditization or automation (12%).

These retail cybersecurity threats, among other obstacles, have made it more difficult for retailers to proceed with their digital journeys. Indeed, 85% of digital transformation plans failed before they even got off the ground. Just 15% of those programs failed after retailers launched an attempt to shift more to e-commerce.

Retail Cybersecurity Best Practices

Long-Term Thinking

Even so, retailers and e-commerce organizations are looking to the future to strengthen their digital defense postures. More than half (57%) of respondents to the survey said bolstering retail cybersecurity was among their top three short-term business goals. Two in five said the same about their long-term business goals. In service of those objectives, 48% of retailers said they were planning digital efforts surrounding risk management and compliance over the next 12 months, while 41% said they had projects in these areas underway.

Retailers can begin those efforts by being strategic when selecting an e-commerce platform. They first need to choose a secure e-commerce platform compliant with the Payment Card Industry Data Security Standard. This will help keep customer data safe. In service of that same end, retailers can consider using multifactor authentication (MFA) as a way to defend against phishing attacks and account takeover attempts.

Network Segmentation

Good retail cybersecurity also involves securing your networks at large. That begins with using network segmentation to keep personally identifiable information, financial data and POS details safe. Within each of those segments, retailers can use network monitoring tools to detect signs of lateral movement and data theft attempts involving sensitive customer and corporate data.
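The monitoring step described above can be expressed as a policy check over flow records. The following Python code is an added example, not part of the original article: it maps each flow to a segment and flags cross-segment traffic that is not on an approved list, plus outbound traffic from the sensitive segments. The address ranges, ports, approved flows and flow records are constructed assumptions.

```python
import ipaddress

# Constructed segment plan (assumption): one segment per data class named in the text.
SEGMENTS = {
    "pos":       ipaddress.ip_network("10.10.0.0/24"),
    "financial": ipaddress.ip_network("10.20.0.0/24"),
    "pii":       ipaddress.ip_network("10.30.0.0/24"),
    "corporate": ipaddress.ip_network("10.40.0.0/16"),
}
SENSITIVE = {"pos", "financial", "pii"}
# Approved cross-segment flows: (source segment, destination segment, port).
ALLOWED = {
    ("pos", "financial", 8443),   # terminals submit transactions
    ("corporate", "pii", 5432),   # CRM application queries customer records
}

def segment_of(ip):
    """Map an address to its segment name, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "external")

def review_flows(flows):
    """flows: (src_ip, dst_ip, dst_port) tuples. Return policy violations."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d:
            continue                     # intra-segment traffic: not judged here
        if d == "external":
            if s in SENSITIVE:           # sensitive segment talking outward
                findings.append(("sensitive-egress", s, dst, port))
        elif (s, d, port) not in ALLOWED:
            findings.append(("unapproved-cross-segment", s, d, port))
    return findings

# Constructed flow records (not real traffic).
SAMPLE_FLOWS = [
    ("10.10.0.21", "10.20.0.5", 8443),     # approved POS -> payment service
    ("10.40.3.7", "10.10.0.21", 445),      # workstation reaching a POS terminal
    ("10.10.0.21", "203.0.113.50", 443),   # POS terminal sending data outward
    ("10.40.3.7", "198.51.100.9", 443),    # ordinary corporate web traffic
    ("10.40.1.2", "10.30.0.9", 5432),      # approved CRM -> customer database
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```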

POS Malware

At that point, retailers and e-commerce shops can focus on defending against specific threats. Take POS malware, for instance. Boost retail cybersecurity by ensuring a malware detection solution is running on your entire network, including POS systems. Leverage risk management to keep your POS terminals up to date and implement patches on a timely basis.

Threat Intelligence

Lastly, retailers need to make sure that they don’t take their digital safety for granted. One of the ways they can do this is by investing in trustworthy threat intelligence streams. They can use those resources to stay on top of the latest digital threats targeting their sector. At that point, they can use that knowledge to defend against those problems. Those defenses include using ongoing security awareness training to educate the entire workforce on how to be responsible.

Retail Cybersecurity in the Age of E-Commerce

Shifting to e-commerce presents several cybersecurity challenges to retailers. But all of them can be prevented. Using best practices and basics, your store can complete a digital journey and continue to adapt to consumers’ changing preferences.
