Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
We live in a golden age of digital retail. In Australia, annual growth is at around 25%, while in New Zealand the rise is almost a third.
The end of the year is consistently the highest period for online sales, offering huge opportunities. But if there’s money to be made, cybercriminals are rarely far behind. These are the threats retailers face at Black Friday, Christmas and beyond, and the best ways to combat them.
Where cybercriminals attack
Customer data is crucial to online retail. Demographics can guide marketing campaigns and help plan inventory, while payment information enables retailers to offer shoppers a quick and seamless journey to purchase. But cyberattackers are after your data, which they can sell on the dark web or use for fraud. The most obvious response is for retailers to protect their perimeter. But that isn’t always enough.
Hackers will hit your partners, customers and reputation
By necessity, retailers have to share some of their data and processes with their partners and their supply chains. Organisations across Australia and New Zealand are increasingly using cloud-based systems to run crucial functions. While this makes business easier, it also opens the door to vulnerabilities across the data chain. Customers themselves may be tricked by bogus emails and websites, which sow confusion and can hit your brand’s reputation hard.
This sprawling attack surface means retailers cannot be complacent: almost one in five cybercrimes reported in 2020 and 2021 involved online shopping. Indeed, 34% of businesses cite cybercrime as their main challenge in moving forward with e-commerce. But while cybersecurity should be a priority, it shouldn’t be a blocker: the right strategies can go a long way in safeguarding you and your customers.
Choose the right e-commerce platform
Web-application attacks are perhaps the biggest threat in digital retail. Hackers may target your database, or inject malicious code to skim data from your users. The most important cybersecurity step is to choose the right e-commerce platform. It’s worth carefully reviewing the platform’s security protocols and track record in working with companies from your industry.
Any provider must be compliant with the Payment Card Industry Data Security Standards (PCI DSS; they apply to both Australia and New Zealand). Using Multi-Factor Authentication (MFA) offers further protection.
Ensure cybersecurity with firewalls and a segmented network
Firewalls are an important defence. A third-party web-application firewall offers protection against attacks and can also prevent bots and malware from stealing customer information and payment details. But a firewall is not a one-stop solution. Automated bot detection software will keep tabs on suspicious activity, while regular audits of vulnerabilities in your databases and applications will help you assess ongoing risks. Monitoring tools can be used alongside network segmentation, in which traffic is grouped and tagged by function, allowing you to limit who gets to see transactional and customer data.
Phishing and fraudulent websites
Once you’ve secured your own data, you need to look beyond your perimeter. That means having open conversations with your partners and supply chain about their vulnerabilities. And it means thinking about the general public. Cyberattackers will use your brand’s reputation to defraud your customers, and your customers will blame you for it. Research shows that a frightening 40% of people don’t hesitate to click on email links for their favourite brands. Phishing emails and fake browser ads can be used to extract personal data directly, or pull users into spoofed websites where they can be relieved of their information and cash.
Using DMARC and education to guard against spoofing
Cybercriminals are using increasingly sophisticated tactics, with fake logos, spoofed email addresses and URLs that are similar to your own. These ploys can direct people away from your products, hitting sales, and may also impact your reputation. Protocols such as DMARC can reduce the risk posed by spoofed emails, while customers can be educated via alerts on your site. Collaborations with your marketing and social-media teams can help the public recognise your brand and identify scams.
How to stay one step ahead
Cybercriminals don’t stay still, and neither should your organisation. Threat intelligence platforms can give you an insight into the threats that lie ahead, and help you future-proof your business. Threat intelligence can also feed into staff training, which should be more than a one-off exercise: frequent training will remind your teams of important messages, and can make them aware of new risks such as specific email scams or the use of their own devices at work.
Ensuring cybersecurity in retail
E-commerce’s growth shows no sign of slowing and, with the right digital strategy, businesses can reap the rewards. But any e-commerce strategy must have cybersecurity at its heart. Cybercriminals can threaten your websites, your customers’ data and your brand’s reputation. Using the right platforms, partners and policies can help you build an e-commerce business that’s safe as well as profitable.