NordVPN Teams and NordVPN have released data showing the average cost of a data breach in the retail industry is $2.01 million — the third fastest-rising figure in all sectors. The shift to e-commerce and a 16.5% increase in sales last year have presented more cyberattack opportunities.
In recent years, the retail industry has moved to primarily web-based infrastructure. Verizon indicated a decline in Point of Sale (POS) attacks from around 70% to virtually none between 2014 and 2019, with hackers increasingly targeting web applications and their servers.
Increased efficiency of e-commerce platforms has created new network vulnerabilities even with upgraded infrastructure. The retail sector has seen an influx of technology with artificial intelligence, drones, and workers using remote devices to streamline everyday operations. Without robust cybersecurity measures, each one of them is a potential entry point for malicious users.
“Successful online trade requires complex hardware and software integration. Users require highly-customisable shopping apps and a seamless buying experience. But each click begins a chain reaction; a request sent to the e-commerce platform, the order is forwarded to the warehouse, and the delivery and payment process is begun. Each of these stages is exposed without proper digital protection”, says Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.
55% of all cyberattacks in the retail industry are made up of DDoS, card fraud, and inventory denial. That’s not covering credential stuffing, fake reviews, and even ransomware either. There are different tools to compromise every aspect of a complex transaction. The aftermath of such cyberattacks is often devastating: Bloomberg reports nearly 400 million exposed customer records, and website downtime costs $100k per hour on average.
Cloud computing widens the attack surface
A smooth buying experience and a user-centric approach are crucial for the success of online retailers. But this is too often at the expense of proper cybersecurity measures, as they can slow everything down. No one likes a ‘captcha’ separating them from their new shoes. Unfortunately, the same applies to strict authentication when it comes to payment and delivery options.
Retailers are turning to cloud services to improve user experience and increase efficiency. Cloud computing combines in-store and digital sales points into one system. It makes customer resource management (CRM) information easy to access, mobile connectivity effortless and enables real-time resource and operational management.
“Cloud computing adds another network layer, needing extra tools for a secure connection. To maintain their resilience, organizations must review their existing networks and patch outdated machines, preventing unauthorized access through network end-points. Those include devices like POS terminals, cash registers, and warehouse laptops”, says Gurinaviciute.
Advanced cloud e-commerce platforms allow third-party integration. By connecting contractors, vendors, and payment institutions to their internal network, enterprises can exchange data in real-time. However, the collaborators usually need at least some level of permission to access your data, which could harm your retail business.
New-generation supply-chain attacks that utilise open-source code surged by 430% in the past year. Different vendors support each retailer’s network, ensuring business operations and efficiency, but security negligence can easily result in falling victim to an opportunistic cybercriminal.
Employees and contractors are also responsible for resilience
While patching up the outdated devices is the business owner’s responsibility, dealing with third-party security gaps is harder. It’s sensible to take control and check if current and potential contractors take cybersecurity seriously.
With software vendors, set service level agreements (SLAs) to define each party’s responsibilities and subsequent actions in the event of a data breach. To mitigate risk, contractors should only access relevant resources. Also, having zero-trust network access (ZTNA) is an option that provides access to predefined assets for a limited time only.
“Retailers work with much sensitive customer data. To protect these assets, they should adopt network encryption solutions, preferably those using AES 256-bit encryption. They should also consider cloaking all devices and network end-points with a protected virtual private network (VPN) making them effectively invisible”, suggests Gurinaviciute.
Employees play a big part too. Phishing emails are frequent initial attack methods, and workers are the usual target. Raise their awareness by organizing engaging and inclusive cybersecurity training or providing access to introductory courses online.
“Online shopping is growing at a steady pace and accelerated during the COVID-19 pandemic. But retailers shouldn’t only think about growth opportunities, as increasing digital presence puts them in the spotlight for cybercriminals. Enterprises should securely integrate in-store devices, logistic chains, and e-commerce websites into their resilient network”, concludes the NordVPN Teams expert.