With more people making purchases from home, securing your business against retail security threats is more important than ever. More and more customers are moving to online orders, with gradual growth accelerated by five years in 2020 alone. Take a look at retail cybersecurity risks and how to protect against them.
How to Protect Customer Data
One key obstacle to good retail cybersecurity in the age of e-commerce is greater complexity when it comes to customer data security. To digitize, retailers need access to data. They need customer demographics in order to refine their marketing campaigns and inventory stats to remain stocked. They also need customers’ personal and financial information in order for shoppers to seamlessly shop and pick up where they left off, whether they’re shopping on a mobile phone, a laptop or in a store.
Next, retailers need to store all of this data and use it in a meaningful way. So, they invest in cloud-based storage plans along with feature-rich web stores, updated point-of-sale (POS) terminals and/or redesigned mobile apps. These assets increase the amount of data that’s making its way throughout their network. They also create new points of entry from which threat actors can try to launch an attack.
As an example, threat actors are increasingly turning away from POS malware and toward credit card skimmers. The latter sometimes involves injecting malicious code into e-commerce checkout pages, with the code using self-removal and other techniques to evade detection. Other times, attackers leverage steganography to conceal malware within images or to obscure the data theft process.
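One way to watch a checkout page for injected code of the kind described above is to compare the scripts it serves against a reviewed baseline. This is an added example, not part of the original article; the origins, the baseline and the sample page are constructed, and `auditCheckoutScripts` is a hypothetical helper name.

```javascript
// Added example: audit the scripts on a checkout page against a reviewed baseline.
const crypto = require("crypto");

const sha256 = (text) => crypto.createHash("sha256").update(text, "utf8").digest("base64");

// Baseline recorded at the last reviewed release (constructed values).
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://pay.example"]);
const KNOWN_INLINE = new Set([sha256("initCheckout();")]);

// Return one finding per script tag that the baseline does not account for.
function auditCheckoutScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptTag)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let origin;
      try { origin = new URL(src[1], pageUrl).origin; } catch { origin = "invalid-url"; }
      if (!ALLOWED_ORIGINS.has(origin)) {
        findings.push({ type: "unexpected-origin", detail: origin });
      } else if (origin !== pageOrigin && !/\bintegrity\s*=/i.test(attrs)) {
        // Third-party script without Subresource Integrity: content can change silently.
        findings.push({ type: "missing-sri", detail: src[1] });
      }
    } else if (body.trim() && !KNOWN_INLINE.has(sha256(body.trim()))) {
      findings.push({ type: "unknown-inline", detail: sha256(body.trim()) });
    }
  }
  return findings;
}

// Constructed sample page: three reviewed scripts followed by two unreviewed ones.
const SAMPLE_HTML = `
<html><body>
<script src="/static/cart.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>initCheckout();</script>
<script src="https://cdn.unreviewed.invalid/a.js"></script>
<script>unreviewedInlineCode();</script>
</body></html>`;

console.log(auditCheckoutScripts(SAMPLE_HTML, "https://shop.example/checkout"));
```

The check inspects the HTML as served, so a script that removes itself from the DOM after running is still seen; scripts loaded dynamically by an allowed script are not covered.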
Fraud can also threaten retail cybersecurity. It begins with a digital attacker breaking into a real shopper’s account or using upfront staging to set up an account of their own. They use this to make that account seem honest for a period of time. Then, the attackers use those resources to conduct schemes, such as reshipping scams. They purchase high-end goods, such as jewelry or computers, using stolen credit cards and have them shipped to unwitting ‘reshippers.’ Those people repackage the merchandise and ship it around the world in order to be resold.
Retail Cybersecurity Threats: A Challenge to Digitization
These retail cybersecurity threats aren’t doing business owners any favors. In a 2020 survey, 34% of respondents said concerns surrounding cybersecurity were their primary challenge in moving forward with a digital plan and entering into the world of e-commerce.
The same proportion of survey participants cited retail cyber attacks or privacy breaches as their most serious digital threat — above disruption by industry rivals (23%), disruption by industry outsiders (17%), poor customer experience (14%) and commoditization or automation (12%).
These retail cybersecurity threats, among other obstacles, have made it more difficult for retailers to proceed with their digital journeys. Indeed, 85% of digital transformation plans failed before they even got off the ground. Just 15% of those programs failed after retailers launched an attempt to shift more to e-commerce.
Retail Cybersecurity Best Practices
Even so, retailers and e-commerce organizations are looking to the future to strengthen their digital defense postures. More than half (57%) of respondents to the survey said bolstering retail cybersecurity was among their top three short-term business goals. Two in five said the same about their long-term business goals. In service of those objectives, 48% of retailers said they were planning digital efforts surrounding risk management and compliance over the next 12 months, while 41% said they had projects in these areas underway.
Retailers can begin those efforts by being strategic when selecting an e-commerce platform. They first need to choose a secure e-commerce platform compliant with the Payment Card Industry Data Security Standard. This will help keep customer data safe. In service of that same end, retailers can consider using multifactor authentication (MFA) as a way to defend against phishing attacks and account takeover attempts.
Good retail cybersecurity also involves securing your networks at large. That begins with using network segmentation to keep personally identifiable information, financial data and POS details safe. Within each of those segments, retailers can use network monitoring tools to detect signs of lateral movement and data theft attempts involving sensitive customer and corporate data.
At that point, retailers and e-commerce shops can focus on defending against specific threats. Take POS malware, for instance. Boost retail cybersecurity by ensuring a malware detection solution is running on your entire network, including POS systems. Leverage risk management to keep your POS terminals up to date and implement patches on a timely basis.
Lastly, retailers need to make sure that they don’t take their digital safety for granted. One of the ways they can do this is by investing in trustworthy threat intelligence streams. They can use those resources to stay on top of the latest digital threats targeting their sector. At that point, they can use that knowledge to defend against those problems. Those defenses include using ongoing security awareness training to educate the entire workforce on how to be responsible.
Retail Cybersecurity in the Age of E-Commerce
Shifting to e-commerce presents several cybersecurity challenges to retailers. But all of them can be prevented. Using best practices and basics, your store can complete a digital journey and continue to adapt to consumers’ changing preferences.
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...