Everything around the holidays is magnified. More sales, more traffic, bigger crowds, more help calls, longer hours, more foot traffic, bigger promotions, more communications. And more cybercrime.
The sad truth is that the holidays have always been important for cybercrime, and this year is certainly no exception. In fact, the situation is likely to be worse due to the impact of supply chain issues on retailers and their customers. Fear of not being able to get what they want can lead to ‘too good to be true’ purchases on scam websites and impulsive clicks (or tapping) on links in emails and texts.
Cybercriminals can also take advantage of the fact that many retailers have continued to rapidly expand their digital presence to meet market demand. Some of these new solutions, which often reside in multi-cloud environments, have not been tested under heavy holiday loads or properly protected against advanced threats. Likewise, as retailers have pivoted their organizations to meet customer demand, security breaches can also affect newly deployed technology supporting warehousing, distribution and fulfillment centers.
Sugar, spices, and not-so-nice retail security
According to Adobe analytics, as online spending remains high and demand levels are poised to increase, the online retail holiday season is expected to surpass $ 200 billion for the first time. All this activity is also good news for cybercriminals who understand the dynamics of the market and have improved their game in kind.
Retailers understand that convenience and consistency are a top priority for consumers. Therefore, expanding direct-to-consumer selling options will be a key strategy for retailers looking to get products into the hands of consumers as quickly as possible, regardless of where and how consumers choose to shop. Doing so through digital and physical channels will be important as the environment normalizes and retailers look to win the battle on multiple fronts.
During the holiday season, retailers regularly use flash sales, microsites, and limited time offers to attract shoppers looking for the best deal. These emotional allures are nothing new, but now attackers are taking advantage of these tactics to attract satisfied customers with clicks.
If we focus on email attacks, they’re common and become much harder to spot, especially when they come from legitimate email domains that can pass through traditional security filters. Fake emails entice consumers with offers, discounts, and available products that are almost indistinguishable from the real ones.
These problems are compounded by the fact that more consumers are working from anywhere. This increase has blurred the lines between what is an asset protected by the company and what is not. Now, employees can use company assets for personal activities, such as online shopping, and they can do so from their desks, home offices, coffee shops, or anywhere else. More advanced email security services including Sandbox, needs to be evaluated to tackle the ever-increasing risks associated with email, while Endpoint Discovery and Response (EDR) technology is crucial to protecting enterprise devices and those that blur the trail. Incorporating zero trust concepts, including identity verification and authorization, can also help reduce risk.
Hyper-vigilance is essential for retail security
Retailers themselves also face the ugly specter of ransomware. In a new global ransomware survey conducted by Fortinet, 67% of organizations say they have been a target of ransomware. And almost half said they had been targeted more than once, and almost one in six said they had been attacked three or more times.
Ransomware continues to become more financially damaging with a drastic increase in payments. The US Treasury’s Financial Crimes Enforcement Network (FinCEN) reported nearly $ 600 million in ransomware payments in the first half of 2021, putting victims on track to surpass the combined payments of the previous decade. (Ouch)
Clearly, any retailer that heads into the 2021 holiday season without adequate security is putting their business at risk. While it is not possible at this point to make drastic changes to correct long periods of neglect of security posture, businesses can be very vigilant during the peak holiday season and use existing tools at their best. advantage. Native search and 3e part integrations to enhance security effectiveness may be worth investigating.
Equally important is ensuring that appropriate processes are in place to operate safely during the peak holiday season with visibility and posture controls in multi-cloud environments. Take advantage of automation and artificial intelligence where possible and educate your employees to report suspicious activity.
Ultimately, retailers must take action to protect their consumers and their brand from harm. Security must cover the entire digital attack surface and all edges and data must be protected during this season, as retailers face an increasing number of challenges, from the more traditional to the more advanced. So while the holidays are a busy and exhausting time in retail, working smart and maximizing the technology and partnerships you have in place, the season can be safe and successful for everyone.
Learn more about how Fortinet offers traders a wide range of seamlessly integrated and automated network and security technologies to help retailers secure digital transformation initiatives.
Copyright © 2021 IDG Communications, Inc.