The threat of cybercrime in retail has never been more significant. In the first six months of 2016 cyber-attacks rose by 46 per cent, and in the next six retail giants like Tesco and Deliveroo have succumbed to attacks exposing customer data.
Over this Christmas period retailers are expected to receive over one million cyber-attacks per day and 50 million global online fraud attacks are expected to be attempted over Black Friday and Cyber Monday shopping week.
As online sales continue to increase, expected to rise to 21 per cent of overall sales next year, more and more opportunities are available for hackers to exploit.
“We’re now seeing serious organized criminal gangs ruthlessly exploiting any vulnerability to make money.”
“Retail is data rich and is where high volumes of transactions are done — meaning there’s lots of money in it,” mobile security app Lookout’s vice president international G.J. Schenck said.
“Retailers literally have consumers coming to them daily to spend money, and in every transaction, there is subsequent swapping of valuable information during the process. This makes retailers a prime target for hackers.”
Retail is an industry which depends on its relationship with its customers. The focus on ease of use for online platforms, making transactions more streamlined so as to prevent customers leaving orders, means storing masses of customer data.
A spokesperson from Gumtree commented: “Data is now more valuable than ever, with the personal details of customers prized particularly highly. Unfortunately this is something that applies to both retailers and the cyber-criminals.
“Hackers are always looking for new ways to breach the defences that retailers put in place, and attack any sign of vulnerability in order to gain access to sensitive company information and customer details.
“This can be a game of cat and mouse and retailers have their work cut out in order to protect themselves and their customers from cyber-attacks.”
“No one wants to be the next Deliveroo or Tesco hack headline.”
Not only is the battle ongoing, as new technologies breed new attack methods, but attackers are getting more sophisticated.
BT’s vice president of security Luke Beeson said: “What we’re seeing is a shift in the profile of the attackers. We’re moving away from hacktivist types to ruthless entrepreneurs who have found a way to generate large amounts of money.
“What we’ve seen traditionally is government defense sectors being targeted, however this has now moved to the finance services with hard cash to get after. We’re now seeing serious organized criminal gangs ruthlessly exploiting any vulnerability to make money.”
Beeson suggests that fiercely advertised events like Black Friday increase opportunities for hackers to exploit.
He continued: “What’s happening is companies are advertising furiously to get people to transact, they are then able to replicate these adverts, and get consumers to click on these emails which then install malicious software, getting customers credit card details and making purchases elsewhere.”
Schenck added: “Lookout’s research has proven that cyber criminals are growing in sophistication, and they will continue to do so as the monetary gains from these kinds of attacks keep increasing in value.
“Generally in the UK we need to raise the awareness level”
“Where there is money to be made, there will be cyber criminals looking to exploit the situation.
“Historically, we did not hear about most breaches because if customer data wasn’t compromised, companies aren’t mandated to share their stories.
“However, that will change with the adoption of the General Data Protection Regulation and no one wants to be the next Deliveroo or Tesco hack headline.”
The seemingly endless battle between hackers and retailers’ security teams is not as fruitless as it may seem. Aside from retailers pumping millions into security spending, simple steps can be taken to help keep customer data safe.
Beeson commented: “I think retails and consumers have an opportunity to mitigate the risk by deploying more security controls.
“Retailers should work with consumers to raise the levels of awareness amid their consumer base. Basic hygiene security steps like having up to date antivirus software, having strong and varied passwords and regularly changing those passwords.
“Another important thing is having an appreciation of your digital footprint and understanding what information is out there and readily available about you.
“Passwords often require your mother’s maiden name is, I reckon it’s pretty easy to find out what that is by doing a bit of online research.
“Generally in the UK we need to raise the awareness level to make the UK a safer place to do business and transact online. Organisations need to educate consumers around the pitfalls of transacting online.”