November 21, 2017 By Scott Koegler

The 2017 holiday selling season promises to be robust and active. In fact, the National Retail Foundation forecast a 3.4 percent increase from 2016 spending for a total of $967.13 per consumer. But as we enter another holiday season, retailers need to be prepared for emerging trends that are likely to disrupt the active selling season.

Retail Disruption Via Ransomware

The emergence of ransomware has disrupted business in a wide range of industries over the past year. Ransomware campaigns typically do not garner huge amounts of money — largely because the ransom demands have been relatively modest, but also because companies have been able to rely on backups of their data. Nonetheless, these organizations paid in terms of lost time and operational delays.

Retailers may be able to bring their systems back online from their backups, but a well-timed ransomware attack could be disastrous during peak sales days such as Black Friday and Cyber Monday. These attacks usually take advantage of security flaws for which patches are available but not widely installed. The best defense against them is to aggressively apply patches and updates to all systems, paying particular attention to operating systems and firmware.

Third-Party Intrusions

In the age of connected trading partners and online shopping affiliates, data thieves have new opportunities to invade systems through computing connections that are normally trusted. Retailers who allow third parties to access their networks may be opening the door for cybercriminals.

It’s difficult enough for a company to verify the safety of its own computing environment when it has multiple distribution centers, retail locations, corporate offices and online catalogs. It’s unrealistic to think the security teams at these retailers can police the networks of every connected vendor and service provider, or to expect that each one has performed due diligence on its own systems.

Retailers need to bolster their network protection, particularly for the access pathways open to their trading relationships. This means building additional safeguards into any APIs that provide linkage to their systems and making certain that firewalls and intrusion detection and protection facilities are operational and up to date.

IoT Insecurity

The Internet of Things (IoT) is growing quickly, and the population of intelligent communicating devices is expected to exceed 20 billion by 2020. Retailers are finding good reasons to deploy IoT products to streamline all kinds of tasks, from vehicle tracking to inventory management. Similarly, product manufacturers are embedding IoT capabilities into consumer products to make it easier to service devices after delivery.

IoT devices typically establish internet connections to their service organizations to enable remote management. But manufacturers have yet to deploy a comprehensive and standardized set of security protocols to ward off cyberthieves who automatically scan internet addresses for vulnerabilities. The lack of proven and standardized security measures presents billions of endpoints that are potentially vulnerable to intrusion. Such threats can eventually find their way through connected networks to retailers’ internal systems.

Retailers should check their service agreements to determine which IoT-enabled devices are being serviced by their own support departments and insist that manufacturers of those products verify their security protocols. Additionally, IoT connections should be limited to isolated networks that do not have access to internal networks, management systems or networks that support point-of-sale (POS) systems.
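
The isolation advice above can be checked mechanically. The following Python example is added here and is not part of the original article: it audits a first-match firewall rule list for any remaining path from an IoT segment to internal, management or POS networks. The address plan, rule format and function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not from the article).
IOT_NET = ip.ip_network("10.50.0.0/24")
PROTECTED = {
    "internal": ip.ip_network("10.10.0.0/16"),
    "management": ip.ip_network("10.20.0.0/24"),
    "pos": ip.ip_network("10.30.0.0/24"),
}
ANY = ip.ip_network("0.0.0.0/0")

def _overlap(a, b):
    """CIDR blocks are either nested or disjoint: return the narrower one, or None."""
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None

def audit(rules, default_action="deny"):
    """Return (zone, rule_index, 'src -> dst') for each allow rule that lets IoT reach a zone.

    Rules are first-match, top to bottom; the default policy is appended as a final
    any-to-any rule. The check is conservative: an allow rule is cleared only when a
    single earlier deny rule covers the whole IoT-to-zone overlap.
    """
    parsed = [(r["action"], ip.ip_network(r["src"]), ip.ip_network(r["dst"])) for r in rules]
    parsed.append((default_action, ANY, ANY))
    findings = []
    for zone, net in PROTECTED.items():
        for i, (action, src, dst) in enumerate(parsed):
            s, d = _overlap(src, IOT_NET), _overlap(dst, net)
            if action != "allow" or s is None or d is None:
                continue
            shadowed = any(a == "deny" and s.subnet_of(ds) and d.subnet_of(dd)
                           for a, ds, dd in parsed[:i])
            if not shadowed:
                findings.append((zone, i, f"{src} -> {dst}"))
    return findings

# Constructed sample rule sets. 203.0.113.10 stands in for a vendor service endpoint.
VENDOR = {"action": "allow", "src": "10.50.0.0/24", "dst": "203.0.113.10/32"}
BROAD = {"action": "allow", "src": "10.0.0.0/8", "dst": "10.30.0.0/24"}  # also matches IoT
BLOCK = {"action": "deny", "src": "10.50.0.0/24", "dst": "10.0.0.0/8"}
WEAK_RULES = [VENDOR, BROAD, BLOCK]   # broad allow matches before the IoT deny
FIXED_RULES = [VENDOR, BLOCK, BROAD]  # IoT deny comes first and shadows the broad allow

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, audit(rules))
```

The weak ordering shows the common failure: a broad store-network rule written for other hosts silently includes the IoT range, so the later deny never takes effect for POS traffic.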
