Major Online Shopping Sales: Why Security Has Never Been More Important
Managing Director, Security, APJ
Thought Leadership, Retail, Security
Major online sales are big business. Take a look at China’s Singles' Day that attracted shoppers from 192 countries, to snap up discounts at a rate of 256,000 transactions per second. This makes Black Friday and Cyber Monday pale in comparison to Asia’s largest 24-hour online sale. According to Bloomberg, the phenomena that was Singles’ Day 2017 logged $8.6 billion in sales within the first hour!
While such sales are massively popular with shoppers and great news for retailers, they unfortunately come with a rise in attacks from cyber criminals. In today’s hyperconnected world, simply expecting consumers to regularly change their passwords is unrealistic, leaving retailers with an even bigger responsibility to protect both their brand and their customers.
Targeted attacks at shoppers and retailers
During such events, and the holiday season in general, cyber criminals take advantage of these online sales peaks. The threat can be two-fold with attacks launched on both online shoppers as well as retailers during these busy periods.
For online shoppers, cyber criminals can set up fake websites with attractive offers on popular products. These sites then steal a shopper’s financial details when they try to pay. Also, account takeovers are often an easy target as consumers continue to use the same usernames and passwords across multiple sites. Account takeover is gold dust for online criminals because they are stealing not just bank information, but mobile phone contracts as well as PayPal, and Uber payment details, for example. This is all valuable data on the black market.
For retailers, high-profile attacks include planting malware to steal customer credit card data. Another threat facing retailers are Distributed Denial of Service (DDoS) attacks, where criminals may use extortion tactics to threaten to disable the website during such a profitable period. Additionally, insider exfiltration and sophisticated targeted attacks like advanced persistent threats (APTs) or phishing attacks, are big concerns for retail security professionals.
Gaps in staffing can impact security
According to our Midyear Cybersecurity Report, retailers can feel the pinch when it comes to building out their security resources—both in terms of people and tools. Twenty-four percent of the retail security professionals said they see a lack of trained personnel as a major obstacle to adopting advanced security processes and technology. In tandem with the lack of staff, retailers also see a steady stream of security alerts that they can’t address in full: 45 percent see several thousand daily alerts, but only 53 percent of those are investigated.
With staffing being an issue, automated security solutions become more important as automation can help fill the gap caused by staffing shortfalls. For example, solutions that allow for the automatic segmentation of an infected device to a quarantined location, can help to ensure that the infection can’t spread and also takes away the device’s access to confidential information.
Revenue and brand reputation
In our cybersecurity report, retailers said they’re aware that security breaches have a real-world impact on their businesses. In the past year, retail security professionals said that operations, finance, and brand reputation were the areas of their businesses most negatively impacted by security breaches. Fifty-four percent said they’d dealt with public scrutiny due to data breaches, and 32 percent said they’d lost revenue due to attacks in the past year. In addition, about one-fourth said they’d lost customers or business opportunities due to attacks.
With the rising popularity in major online sales, it’s never been more important for retailers to invest in automated tools to help their security teams stay on top of alerts, gain visibility into their dynamic networks, as well as detect and respond swiftly to threats.