Retail & eCommerce
With technology supporting ever-increasing retail, hospitality, leisure and eCommerce businesses, retailers need to be aware of blind spots in their online exposure, both for their assets and for their customers.
In e-Commerce and retail-related sectors such as online retail, leisure and hospitality, data breaches significantly impact brand reputation and may lead to legal implications, depending on the incident and the applicable regulations. Ultimately, this leads to a decrease in consumer confidence. Whether it's a requirement for PCI DSS, GDPR, Cyber Essentials or a proactive approach, Defendza have the skill set and extensive experience in this sector.
Defendza's experience shows the mid-sized segment of this new wave of online retailers suffering from cultural issues. With revenues soaring and profitability growing, it is not budgets that are the issue but the board's and management's awareness of the cyber risk profile. At this very stage, the importance of cyber security should never be underestimated. Blind spots during the design, development or deployment phases could pose a serious risk to the organisation.
There are numerous examples online where a major dip in profits was noticed in the immediate aftermath of a breach. While malicious actors are gaining momentum in the Tactics, Techniques and Procedures (TTPs) utilised during attacks, businesses in this sector must adopt cultural improvements to ensure cyber security keeps them on the front foot.
While your business is expanding through soaring revenues, cyber security blind spots, if left uncovered, are potential disasters waiting to happen.
As per the Retail Crime Survey published by The British Retail Consortium, 53% of the reported frauds in the retail sector are facilitated by cyber.
When it comes to breach incidents, Retail and eCommerce are second after the banking and insurance industry. It's important to think beyond the conventional tick-in-the-box approach. Even where retailers take care of their own cyber hygiene, supply chain risks can often lead to compromise of the whole chain. Instances in the past include threat actors targeting IT services, including hosting service providers, Point of Sale integrators, help-desk companies and IT resellers who deploy new devices.
Key challenges faced by retail and eCommerce security and IT teams including middle management include:
As the threats facing this sector are constantly evolving, there can never be a fixed list of security concerns. Overall, the retail industry is facing a challenging cyber threat landscape.
A supply chain is a chain of dependencies in goods or services. Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of compromising data or systems. A supply chain can be compromised in various ways, for example, through the exploitation of third-party data stores or software providers.
The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third-party data and transactional records are likely to be at a higher risk of data breach than a local high street firm. Therefore, it goes without doubt that secure information storage and processing practices would help minimise the attack surface.
Before deploying POS implementations at scale, it's vital that sample implementations are validated by a third-party provider for issues such as segregation, encryption measures in use, network traffic analysis for payment data, checks on the tills/retailer systems, and associated key cyber security aspects.
Insider threats are counted amongst the most significant cyber-risks in the financial services sector. Businesses tackling this issue regularly validate their controls around logical access, spear-phishing, threat intelligence and regular penetration testing. In addition to technical controls, staff awareness and understanding through training help build a security-conscious culture.
Our experience in the industry comes from the varied consultancy and security assessment projects conducted for supermarkets, high street banks, e-Commerce and online retail customers.
An Akamai report warned that retailers need to be aware of Prime Day shopping spikes in traffic in order to prepare for future online sales and the holiday season. With a spike in traffic comes the additional threat of cyber-attacks. The report also found that “nearly 10 billion total bot attacks during the 48 hours of Prime Day is equal to the number of retail-specific bot attacks we detected from May to December 2018. Prime Day was very attractive to threat actors due to the high visibility of Prime Day and the larger number of retailers offering their own promotions.”
The attack trend, which is sometimes referred to as ‘big game hunting’, can include the use of a wide range of bespoke malware and commodity ‘crimeware’ malware available for download or purchase from underground forums and marketplaces, including banking Trojans, information stealers, keyloggers and loaders, as per Accenture's 102-page report.