Cultivating a new breed of cyber security for the new shopping experience
Retailers – be they small local shops, online sellers, or top global brands – generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data.
Whether it’s shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.
However, each point of transfer represents an opportunity for bad actors to not only access both corporate and personal data, but introduce malicious software to the underlying infrastructure, and so represents a serious threat to both business and reputation.
While all retailers will already have physical and digital security systems in place, the shifting nature of cyber-crime means that complacency is not an option. The Retail sector must be ready to take a close look at the latest threats and develop a new model of cyber security in response.
The new face(s) of cyber-crime
With the cost of cyber-crime set to hit $10.5 trillion by 2025[1], a growing range of threats – from account takeover to credit card fraud, phishing, web scraping, API abuses, and distributed denial of service (DDoS) attacks – must all be treated with the utmost seriousness. While most of these cyber-crime strategies have existed in one form or another for some years now, the growing sophistication and accessibility of AI is increasingly allowing them to be automated, significantly increasing the scale and speed at which attacks can be staged. Compounded by the rise of state-sponsored cyber-crime, this continued barrage of attacks represents an ongoing risk for the entire sector, threatening sales, customer satisfaction, and – ultimately – brand reputation.
Furthermore, in light of increasingly stringent data protection regulations, such as the GDPR, retailers have a legal obligation to ensure all data is gathered, transferred, and stored with the greatest degree of care, and are expected to show evidence of a proactive approach to cyber security at their corporate headquarters, store locations, warehouses, throughout their supply chains, and across every element of their online presence.
The lingering threat of ransomware attacks
Ransomware attacks remain an omnipresent threat for retailers. In early 2022, an attack on KP Snacks crippled its IT infrastructure, leading to serious supply issues, while as recently as March 2023, WH Smith experienced an attack that left its staff’s personal data compromised. When cyber criminals seize control of IT infrastructure in this way, retailers are left unable to do business, with no guarantee that their data will be restored even if they do pay the ransom demand. At the same time, the GDPR requires affected companies to inform customers that their data has been compromised and may be for sale on the dark web, leaving them open to other forms of cyber-crime.
A comprehensive plan to guard against ransomware attacks and ensure critical infrastructure can be restored and secured as quickly as possible in the event of a breach is therefore essential for all retailers. This is not only a question of ensuring lost trading hours are kept to the absolute minimum, but avoiding serious reputational damage that will discourage both existing and potential customers from making purchases going forward.
DDoS attacks have a tangible impact on in-person sales, as well as online
Long recognised as a serious source of disruption by online businesses, DDoS attacks now have the potential to negatively impact face-to-face sales as well. In our era of contactless payments, if the EPOS system is inoperable, sales cannot be completed, which will inevitably impact the retailer’s profits, reputation, and the quality of their customer experience. With such attacks increasing in both frequency and intensity throughout 2022[2], effective DDoS protection should be incorporated into any retail security system.
Balancing unforgettable customer experiences with the most robust data security
The cyber threat landscape continues to evolve, with new threats emerging on a regular basis, and this will only accelerate as the Retail sector continues to embrace the next generation of smart technology, and cyber criminals utilise bots and automation to boost the frequency and intensity of their attacks. Retailers must therefore begin treating cyber security with the same urgency as physical security systems, and work closely with their technology partners to develop fully integrated systems that provide customers with complete peace-of-mind as they shop.
If you would like to discuss anything we’ve looked at here in greater depth, do not hesitate to contact us to arrange a deep dive into your security challenges and take your first step towards developing a next-generation security ecosystem that frees you to focus on delivering exceptional customer service.