As the holiday season approaches, people are beginning to think about shopping for gifts, so it’s a good time of year for retailers to consider how prepared they are for cybersecurity threats. With more people spending money during this period (in 2022, consumers spent $211.7 bn online between 1st November and 24th December), cybercriminals will be trying to take advantage.

What types of threats do retailers need to consider?

Whilst e-commerce is on the rise, cybercrime can also affect physical retail stores. The size of the business doesn’t matter, as even small businesses can be a target. Here are some of the potential threats that could affect you:

  • Point of Sale (PoS) attacks. Cybercriminals can target card payment systems in a number of ways. For example, by installing malware or spyware that can steal cardholder information; by skimming, in which a device that can read card details is attached to a PoS device, enabling them to clone cards; and through RFID skimming, in which hackers use devices with near-field communications to steal encrypted information.
  • Phishing attacks. Hackers send out emails imitating different retailers and ask for personal financial information. For those who are customers of the retailer, this can come across as a genuine request. This type of attack has been made easier with generative AI.
  • Ransomware attacks and extortion. This type of attack is more likely to affect retailers with an online presence, as a more extensive digital structure is needed to support their operations. In these cases, criminals use a type of malware that encrypts customer data and then request a ransom to release it. In 2020, 44% of retail businesses were hit by a ransomware attack, so it can affect all types of companies.

What methods are used by hackers?

There are several ways that cybercriminals can carry out their attacks on retailers. The first is phishing attacks targeting store employees. Another is Remote Desktop Protocol (RDP), where hackers are able to crack login credentials and impersonate administrators, which gives them full access to confidential information. They can also launch distributed denial-of-service (DDoS) attacks, which overload and shut down websites, enabling the attackers to access the retailer’s systems and data.

How to avoid the risk of attack?

Removing the risk of attack completely is almost impossible. However, there are a few key things retailers can do to reduce the risk, and limit the impact in case of an attack.

  • Train your employees to be alert for scams and phishing attacks. This is one of the most common ways hackers are able to access company networks.
  • Secure your network through actions such as enabling two-factor authentication and end-to-end encryption
  • Make sure you’re compliant with the Payment Card Industry Data Security Standard (PCI DSS)
  • Back up all your data on alternative servers
  • Choose your vendor partners carefully and ensure they have good cybersecurity practices in place
  • Consider cyber insurance. Whilst this won’t prevent an attack, it will reduce the impact on your business finances should you become a victim