Cyber-attacks in Retail: Stay focused and be proactive in 2023

It is time for businesses to learn and prepare themselves to prevent cyber-attacks in retails.

According to a 2019 survey conducted by BDO, CFOs viewed data privacy as a factor determining future business growth and their most significant regulatory concern.

The expansion of the sector leads to a surge in customer data volume, making it an attractive target for cyber-attacks in retail. Protecting sensitive data, therefore, becomes a critical task for companies of all scales.

Why the risk of cyber-attacks in retail is growing?

Companies are more reliant on data collection to enhance their service quality. The information serves as vital input for them to understand their customers better, especially when online shopping becomes popular.

For example, a retail company will be able to generate proper touchpoints with highly individualized product recommendations for a specific buyer; by using AI-enabled interactive systems to process inputs like facial recognition, location tracking, or voice tone.

every payment can be impacted by a cyber attack in retails

Simultaneously, under the expanding impact of digital marketing, online shopping, and loyalty schemes, shoppers are willing to share more personal information with retailers than ever. Deloitte forecasts that the amount of customer data accumulated from all touchpoints will climb exponentially from 33 zettabytes (ZB) in 2018 to 175 ZB in 2025*. 

This unprecedented growth has made the protection of data privacy a key priority for retailers. In 2019, the retail industry saw more breaches than any other sector.

One report by PwC pointed out that cyber-attacks in retail increase by 30% per year. Meanwhile, in their report titled “Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives,” IntSights found that cybercrime costs retailers about $30 billion each year.

To retailers: time to be cautious and thorough! 

As criminals use advanced methods to carry out cyber-attacks in retail on sensitive data storage, retailers should be proactive with their cybersecurity strategy. It’s better to assume the risk of a breached system is always present. According to Brian Dunphy, their approach should be comprised of:

  • A Written Information Security Program – Enlisting the administrative, technical, and physical methods to safeguard personally identifiable information.
  • An Incident Response Plan – Instructions on detecting, responding, and diminishing impacts of a cybersecurity incident.

While there are various approaches to creating a data protection strategy, companies should evaluate the following aspects carefully to protect themselves from cyber-attacks in retail:

Domain and network security examination 

Retailers are advised to invest in a secure domain provider. Poorly-configured website domains pose the risk of exposing administrative portals, allowing criminals to enter the system. 

Afterward, in their 2016 Biggest Holiday Retailers Cybersecurity Report, SecurityScorecard noted that obtaining an SSL certificate is essential. This step helps encrypt sensitive personal information on companies’ pages.

Proper configurations of retailers’ domains ensure that customers’ addresses or credit card numbers are safe from impersonation attacks – a popular example of cyber-attacks in retail. For example, a poor DNS configuration means hackers can create websites that look like a retailer’s official one and obtain users’ personal information from fake checkout forms. 

Upgrading their point-of-sale (POS) hardware and software

Credit card information is a common target of digital attacks. There are several ways breaches relating to POS may occur:

  • Hackers may gain access to POS systems directly or through the corporate network.
  • Credit card numbers may not have been properly encrypted in the POS system.
  • POS systems may be outdated or affected by malicious codes.

Retailers now have a vast majority of technological choices to achieve secure transactions. Many businesses employ traditional magnetic stripe technology, including peer-to-peer (P2P) encryption or applying the EMV standards for mobile payments and wallets.

In recent years, the use of Near-field Communications (NFC) in retail has also expanded. These technologies enable a secure, contactless, and faster payment method.

Raising employee awareness

Besides monetary and technological investments, employees play an equally important role in defending businesses against cyber-attacks. Therefore, providing adequate and regular training on this matter is vital.

Meanwhile, for these employees, the nature of working in retail makes data management and privacy protection a challenging task. To be more specific, a proportion of retail employees are seasonal or part-time workers. They may lack a sense of commitment to adhere to the employer’s privacy policy. 

Working in retail means involving multiple third parties. This issue makes data management and protection to prevent cyber-attacks in retail even more challenging and complicated.

Therefore, it is essential to have strict regulations regarding data safeguarding for employees. For example, businesses can minimize risks by implementing a password policy on their staff.

Instead of sticking to the default login information, employees must create multi-factor usernames and passwords and change them regularly. Otherwise, hackers may gain access to the administrative systems and steal critical data.

In conclusion, the retail industry has served its customers better thanks to the large-scale collection of data. However, this comes with the risk of privacy breaches which are taking place in increasingly sophisticated ways.

What makes retailers truly prepared to handle cyber-attacks in retail is a thoughtful, comprehensive approach to reviewing and renovating their security infrastructure.

*1 Zettabyte (ZB) = 1 trillion gigabytes (GB)