English

It's All about Retail
Mar.13th-Mar.15th,Shanghai

HOME > NEWS > How digital transformation has left retailers vulnerable to cyber-attacks

How digital transformation has left retailers vulnerable to cyber-attacks

The digital revolution in retail is well and truly underway. Not only are more people shopping on the web – global e-commerce sales doubled between 2014 and 2019 – but the backend processes and systems that make retail businesses run have moved online as well. 

This shift has transformed the customer experience, making it possible for people to buy what they want, when they want, where they want. It has also helped retailers cut operating costs, scale rapidly and be more agile. 

But there’s a downside. Because transactions are increasingly being conducted online, and data is being stored in the cloud, retailers have become more vulnerable to cyber-attacks. 

“There’s no doubt that the shift to digital is driving a whole range of network vulnerabilities,” said John Tait, Global Managing Director, Payments Market at TNS. 

“We’re opening up the edges of networks more, which means there’s more opportunity and vulnerability points being exposed, and the number of attacks we’re seeing across retail continues to increase.” 

And while the level of sophistication of retail security systems has improved over the years, it’s not where it needs to be, according to Tait. 

“Cyber criminals are extremely well organised and they’re operating at a level which is over and above the general retail capability,” he said.

The damage from an attack can be significant. If fraudsters get a hold of company data, they often demand payment to release it. 

“The short to medium-term impact is loss of brand integrity with customers,” said Tait. “That obviously has an impact on a retailer’s ability to continue to trade successfully at the levels they once did. But on a more quantifiable level, there’s a financial impact and a business continuity impact.”  

Cyber criminals often threaten to release data publicly unless they receive payment, and if they believe the company is not going to pay, they might interfere with the organisation’s ability to operate as proof of their malicious intent.

The top three security risks in retail 

While retail has become more vulnerable to cyber-attacks due to digitisation, the human element presents the biggest risk, according to Tait. 

“Fundamentally, the three biggest security risks in retail are employees, phishing scams and supply chain attacks,” he said. 

  1. Employees

“Retailers typically employ staff at the front end of their business because they’re very good at customer service, business relationships, consumer relationships, and ultimately generating sales and supporting the objectives of growing the business. What they’re not trained in is security best practices,” said Tait.

“Employees are typically the biggest threat because – unfortunately – they are the weakest link in the chain.”

The key reason is that store staff have the most access to company devices and networks, so they are often targeted by scammers hoping to trick someone into granting them access to an internal system. 

However, it’s not always the case that employees inadvertently do the wrong thing. Some employees might deliberately leak sensitive information to outside parties for malicious purposes. 

“We would describe this as fraudulent activity,”  Tait noted. 

  1. Phishing scams

Following on from the risk posed by employees, phishing scams continue to be a major liability for retailers. 

“Sophisticated actors target employees to compromise their credentials and get access to data and networks to then compromise the integrity of those systems,” Tait said. 

Typically, a scammer will send instructions for an employee to follow, and the employee – thinking they’re doing the right thing – will inadvertently enable them to place malware on an unpatched system, or perform some other act, that gives them access to privileged data and information. 

  1. Supply chain attacks

“As retailers allow remote access to their store network, they become more vulnerable to hacks and intrusion from third and fourth parties,” said Tait. 

“It can be as simple as access to CCTV networks and cameras through to systems and network monitoring tools.” 


PREVIOUS NEXT

recommend

●  What can you get from the digital transformation practices of these companies?

●  Digital and intelligent become a new label for retail department stores and a new driving force for growth

●  These traditional retail enterprises have the following characteristics and phenomena in digital construction and new retail exploration.

●  Embracing the transformation and breaking the same, opening up the digital marketing system of the whole store

●  1964-2017, read the historical evolution of the US "consumption upgrade"

●  Internal structure changes in consumption of non-durable goods, durable goods and services

●  Suguo opened an unmanned convenience store

●  The first 24-hour shared unmanned convenience store in the country to land in Kunming