Today businesses and corporations are increasingly adopting technologies to utilize the power that digitization provides. The retail industry sees increasing value in adopting this trend and they are continuously investing to provide a unique experience to customers. For instance, Amazon in early 2015, introduced a one-hour delivery service in New York City, and offered services such as real-time tracking of the product. Other e-commerce organizations have been coerced by the market leaders to join the bandwagon. A Deloitte report (Source) suggests that 58% of consumers use their mobile device to access a shopping portal or use an app for the same. With the e-commerce market expected to grow in double-digits till 2020 and the adoption of latest technologies by the players to reach their customers, present times are witnessing a digital wave which was never seen before.
While the opportunities are numerous, the very nature of this business model introduces risks both to business owners and consumers alike. The rise in online transactions is seeing a proportional increase in threats. Cyber attacks are increasingly becoming common on retail businesses. As per a Verizon 2015 report, of all the data breaches caused by cyber attacks, 28.5% have been on POS which are directly linked with the retail and hospitality industry.
Let us quickly examine some of the top cyber threats that impact the retail sector.
- Ransomware –Ransomware generally refers to an attack by which hackers gain access to an organization’s network and hold them for ransom by locking up complete or part of their systems. The recent infamous Petya ransomware attack rendered useless, many a company’s ability to do business over the Internet. As per reports many retail organizations including few systems in Reckitt Benckiser India, Mars Inc, India based arm of Beiersdorf AG, Ukraine arm of Metro Cash and Carry were affected (Source). Retail businesses open up multiple points of access thereby making them vulnerable to cyber threats. Hackers target these companies to gain access to sensitive data pertaining to customers.
- Increasing integration with Internet of Things – The Internet of Things, which essentially connects devices like refrigerators, TVs, any other home appliances or even cars to the web, is on the rise. Its potential in the retail industry is immense with companies trying to integrate in-store cameras, sensors and the shopper’s smartphone. With multiple devices connecting to an organization’s network, the risk of having unguarded entry points to the system increases. Some of the cyber experts refer to it as the “Internet of Vulnerabilities”, if appropriate measures to shield from attacks are not undertaken.
- Mobile Security – Mobile phones are ubiquitous and are becoming one of the top tools for shopping. As per a Deloitte report, the younger generation especially 25-34-year-olds are heavily inclined to use mobile devices for browsing, shopping and purchasing. With a rise in usage of the same by employees within office, a company’s network is suddenly under a deluge of connections some of which might be host to malicious malware. This in turn suddenly puts, not only the network under threat, but also all the connected devices.
- Insecure data – Retailers are continuously collecting customer data to make the experience of the client more personalized and meaningful. This however, presents a window to hackers to steal data, especially when the data is stored on mobile devices or other end points such as kiosks which are accessible both by customers and staff. It is imperative that organizations guard themselves against such loopholes and entry points by deploying robust cyber security software.
- Slow and reactive responses – Many organizations have learnt their lessons the hard way by becoming victims of cyber attacks. In many cases, they have suffered reputational and monetary damages. As new methods evolve to make the customer experience better, newer vulnerabilities are born. Not upgrading security software, lack of policy to prevent internal breaches and absence of continuous monitoring are some of the practices that corporations need to weed out from the first day. The key to preventing such debacles lies in being vigilant and ensuring that technology is always protected. Increased sensitivity to cyber attacks and making cybersecurity a priority to the organization must be top driven. Finally, constant testing of vulnerabilities, validating associated agencies such as vendors/suppliers and a recovery plan to tackle an unfortunate breach are some of the measures that are imperative to the success of an organization.