How retailers can stay protected against cyberattacks this holiday season

Hackers love to launch attacks on long weekends or just before major holidays.  The examples of such attacks are well-chronicled and range across industries. Yet preparing for a potential attack isn’t just a matter of beefing up security and locking everything down tight on Friday afternoon.  Many sorts of cyberattacks are perpetrated by attackers that lurk in compromised networks and systems and wait for just the right moment to strike.

For retailers, in an industry that sees its highest levels of activity around holidays, this is particularly concerning. Retailers of every size have been looking to drive profits and efficiencies by implementing data-driven technologies, and have subsequently provided more attack surfaces to all the bad actors planning attacks.

Attacks normally peak during the holiday shopping season, and 2022 should follow the trends of recent years according to a report from data protection specialist Imperva, The State of Security within E-Commerce 2022. Imperva notes that in 2021 bot-related attacks on retail sites grew 10% in October and another 34% in November, indicating that cybercriminals stepped up their efforts around peak holiday shopping periods.

“The holiday shopping season is a critical period for the retail industry, and security threats could undermine retailers’ bottom line again in 2022,” said Lynn Marks, Imperva senior product manager, in a Computer Weekly article.

She is not alone in her risk assessment for retailers, as other industry experts concur: “We are seeing ransomware attacks on retailers skyrocket in 2022, driven by a variety of factors, including the spiraling amounts of retail data," says Margot Juros, research manager for IDC’s Worldwide Retail Technology Strategies. 

24% of cyberattacks target retailers

According to Fortinet, 24% of cyberattacks target retailers. Because of the breadth of payment information retailers possess, and the varying levels of security within the industry, it’s no surprise retailers are a prime target. Further, even an SMB retailer could have many credit card or bank details stored in their files. Cybercriminals have started to capitalize on these opportunities.  Because many retailers may have similar cybersecurity infrastructures, a cyberattack strategy that works against one company may also work against one of its competitors.

Some retailers are just not prepared

Many businesses are still lacking effective measures to prevent the dangers associated with cyberattacks, and retailers in particular have a responsibility to protect the data of their customers.  Retailers collect, process and store increasingly large amounts of customer data, including PII (personally identifiable information) and credit card numbers.  

In the last two years, many retailers have actively increased their digital footprint, adopting more cloud-based services, deploying more complex IT stacks while trying to manage large, geographically distributed networks. All of these factors widen the attack surfaces that cybercriminals have available to them.

Cloud-based storage and mobile apps are leaving a larger data presence on the web, leading to new threat vectors. One furniture retailer reported a data breach of 108,940 records containing email and physical addresses, names, phone numbers and passwords, which had been hosted on one of the leading cloud providers.  Another apparel retailer got caught up in a credential-stuffing attack when cybercriminals used email addresses, usernames and password combinations obtained from data breaches to hack into user accounts on the retailer’s website.  Do a quick search on Google and you’ll find many, many more examples.

It takes no great leap in logic to understand that retail customers are extremely concerned. According to Statista “74% percent of survey respondents worried about their personal, credit card or financial information being stolen by computer hacking, making it the crime that Americans worried about most.” 

Positive steps a retailer can take to guard against cyberattacks

Retailers can act now to address cybersecurity issues.  It’s never too late to take positive steps to protect company and consumer data:

• Encrypt all sensitive data: In a perfect world, sensitive data would never be retained. But that doesn’t work for retailers of any stripe, so the next best thing is to ensure that all data is encrypted, whether at rest or in transit. 
• Institute frequent data backups: To minimize the loss of data from ransomware attacks, it’s almost mandatory to regularly back up all data from the e-commerce website, POS systems, and other applications.
• Multi-factor authentication and Zero Trust Access: To keep customer data safe, multi-factor authentication (MFA) should be implemented. Zero trust access can further buttress cybersecurity efforts, and be sure to use an e-commerce platform that complies with the Payment Card Industry Data Security Standard (PCI-DSS).
• Educate employees: Retailers should conduct phishing simulation training so that staff can spot threats before one of the most dangerous periods of the year. Employees at all levels should be able to identify malicious attachments or links and know never to share login information.
• Consider new security solutions: Consider deployment of managed or co-managed network infrastructure with integrated cloud security solutions, or security-as-a-service solutions, to protect against cybersecurity threats across cross-channel operations.

How Spectrum Enterprise can help

Retailers today need to buttress security measures against cyberattacks, while also ensuring PCI DSS (Payment Card Industry Data Security Standard) compliance for card transactions and emerging software-based payments solution.  They should consider managed network services to reduce the burden on their over-extended IT team. 

With the impacts of cybercrime growing every year, particularly during the holiday season, we understand the urgency of staying ahead of the risks. That’s why we work with security experts, and partner with leading providers to deliver fully managed solutions designed to take on your security challenges — so you don’t have to.