26 November 2020
Black Friday, Christmas shopping and the January sales are merging into a single peak shopping season – and this year, the sales bonanza will be predominately online. We’ve already seen China’s online-only Singles Day extravaganza break sales records, yet with increased sales and traffic come much greater cybersecurity risks.
This could mean anything from retailer networks being targeted to harvest customer data or intercept payments, to phishing scams and bogus sites targeting consumers. In fact, the UK’s National Cyber Security Centre (NCSC) has advised consumers on staying safe online ahead of the annual shopping event.
While consumer advice is always welcome, businesses are the ones that should really be taking stock of their cyber defences across their entire network. With ecommerce spreading across industries from retail to travel and telecoms, websites, payment systems and back-end fulfilment applications need to be secure and safe for consumers to use. A single slip-up online could leave reputations in tatters, as we saw with TalkTalk and BA. What’s more, organisations shouldn’t just be checking up on systems ahead of busy times of the year. Putting in place continuous assessment of cybersecurity defences is key to staying ahead of cybercriminals, who are always looking to exploit any opportunity.
Most importantly, retailers need to remember that cybercriminals aren’t just planning hugely sophisticated attacks that require deep infiltration. Phishing attempts can be hugely effective at gathering passwords to access wider company systems, meaning staff should be educated on how to spot them. Equally, misconfigured cloud platforms can provide easy access to business or customer data. All of these risks should be regularly checked by cybersecurity teams, and a regular audit of cyber posture can be a good way to identify where the risks are. Faced with a very real danger from cyber-attacks and brand damage, retailers should be constantly reviewing how they deal with the cyber threats they face. If they do fall victim to an attack, it could mean a hefty fine from the Information Commissioner’s Office alongside a fall-off in sales due to sites being offline or consumer mistrust, so failing at cybersecurity is simply no longer an option.
By Piers Wilson, Head of Product Management at Huntsman Security