There are numerous steps retailers can and should take to improve their security posture, protect their brand, and ensure a safe shopping experience for their customers during the holiday season (and beyond). Once the shopping season has begun, making extensive changes to a security program or implementing new technology is no longer possible. Nevertheless, retailers can work with existing resources to identify threats in advance and avoid disruption.
Cloud is a Top Attack Target
Retailers continue to adopt and expand cloud-based (typically multi-cloud) workloads such as e-commerce websites, mobile apps, loyalty programs and microsites to create a convenient and personalized shopping experience for customers. However, as retailers need to quickly respond to market demands by providing their customers with new digital experiences and extending the ones already in place, mistakes and security gaps become inevitable. This presents an invitation to cybercriminals.
System intrusion is an example of a common attack scenario in retail. It usually occurs as part of a malware campaign or data capture function common commonly seen in Magecart-type attacks. These attacks exploit vulnerabilities or utilize stolen or “misplaced” credentials. This allows attackers to capture sensitive information such as passwords and credit card information from online payment forms. According to the Verizon 2022 Data Breach Investigations Report, malware attacks with a “capture app data” functionality are seven times more likely to occur in retail compared to other industries.
When protecting data hosted in a cloud, tasks such as gaining visibility and control over potential attack surface, quickly patching vulnerabilities (or mitigating attack methods) and implementing strong API security controls are critical. In addition, retailers can benefit from a comprehensive cloud visibility solution that provides an easy-to-use dashboard for monitoring workloads across multiple clouds.
Protecting brand reputation requires vigilance
The customer user experience has evolved significantly over the past decade, as have e-commerce platforms themselves. Retailers understand that customers want a smoother shopping experience, more curated offerings, and a frictionless checkout process. To make it happen, they are willing to provide their data. The widespread use of content management systems (CMS) and content delivery networks (CDN) enables retailers to easily and quickly set up new websites. Yet, distinguishing between real websites and those created for fraudulent purposes can be tricky.
Last year, Fortinet identified several fake websites at the beginning of the Christmas shopping season. One example was a popular power tools website that cybercriminals spoofed. Customers who placed orders through this fake website received counterfeit products. Attackers will continue to fake retailers’ websites as well as their social media accounts to trick customers into handing over their credit card details. This is a very profitable scam for cybercriminals.
Such cyberattacks not only damage potential customers financially, but also hurt the core of any business: its brand reputation. Although companies may not know who is behind an attack, it is of great interest to them to protect their customers. A good way to prevent these attacks is using a Digital Risk Protection Service (DRPS). Such a service provides proactive monitoring and risk analysis of a brand’s digital assets. It also gives IT security teams insight into the perspective of attackers, which allows them to stop the threats before they turn into full-scale cyberattacks.
How to protect brands and customers in pre-Christmas season
Cybercriminals are constantly searching for new opportunities to take advantage of retailers and their customers during the busiest shopping season. But if retailers are aware of the increased risks and take a proactive approach to security, they reduce the likelihood of cybercriminals ruining the holidays for them and their customers. The following measures should be kept in mind to keep the brand and customers safe:
- Regularly reviewing and optimizing security technologies and collaborations
- Setting the highest standards for proactive monitoring
- Educating employees and customers on common cybersecurity practices and motivating them to report suspicious activity.
With these measures, retailers can safeguard their own brand and customers ensuring a more pleasant holiday season for all.
