Delivering Expert Cyber Security Solutions to small & medium-sized businesses

We focus on educating, transforming and protecting our clients from cyber threats

Learn About GoldSky

How to Secure Customer Data during Holiday Shopping Events

Every year, the retail industry notices a spike in online sales activities during the holiday season. During this season, Cybercriminals become more active. Therefore, implementing scalable security controls not only meets regulatory compliance, it also ensures that consumer data is protected from threat actors. Thus, preventing significant losses to both reputational and financial assets.

The most important revenue-generating period for the retail industry is the festive or holiday season, which is marked by a spurt in purchases during Black Friday, Cyber Monday, and Christmas and New Year vacations. However, said festive seasons are also the most loved time of the year by cybercriminals because of the opportunities they have to deploy malicious campaigns against unwitting retailers and consumers. 

While retailer organizations are more focused on preparing their inventory to withstand consumers’ demands, there is little to no attention given to basic cybersecurity risks associated with the retail value and supply chain.

As such, the likelihood and impact of cybersecurity incidents tends to escalate. Therefore, small to midsize retail organizations must be vigilant and equipped with proactive safeguards capable of protecting customer data and thwarting nefarious cybercriminal activities.

Online Retail Sales: An Upward Graph of Cyber Threats

According to the 2020 Trustwave Global Security Report, the retail industry is one of the most targeted industries in the United State, with nearly one in every four cyberattacks attributed to the retail/e-commerce industry. According to the 2020 Consumer Holiday Survey, nearly 60% of consumers plan online purchases during the holiday season, and about 91% of all online shoppers plan to benefit from the free shipping incentive that comes with the process. This entire process is heavily focused on the flow of Personal Identification Information (PII) via digital infrastructures, such as retail websites, mobile applications, database servers, etc., all of which tends to be a valuable asset to both the retailers and threat actors alike.

Some of said PIIs include names, email addresses, birth dates, payment card details, etc. – when in the hands of bad actors, these sensitive information can be used to deploy dangerous attacks, including phishing attacks, ransomware attacks, session hijacking, etc.

The annual number of data breaches and exposed records in the United States from 2005 to 1st half of 2020. (Source: Statista)

Steps Online Retailers Should Take to Prevent Data Breaches

Here are three crucial steps that online retailers can take to prevent cyberattacks that can compromise customer or other financial data:

  • Monitor Network TrafficIt is challenging for IT security teams to detect the presence of cyber criminals once they already have gained access into the enterprise information network. Retailers are better off investing in a security solution that provides granular visibility that enables their IT security teams to control all network communications, including server traffic.

    The advantage of investing in security solutions is that it will help detect any deviation in behavior, allowing the security team to flag it down. A network security detection and prevention solution also helps to remediate threats that might have already affected mobile and web applications systems that are critical to business operations.

  • Isolate Critical Segments using Micro-Segmentation – A micro-segmentation approach to data security helps organizations to create logical segments of critical data, with the intent to separate critical data from everyday operational data. This approach to data security promotes a zero trust framework, whereby the corporate network denies access to untrusted data systems unless explicitly allowed. Implementing micro-segmentation adds a layer of security that blocks cybercriminals from actively perpetuating common attack techniques.
  • Employee Awareness Training and Education is Key – Cybercriminals usually attempt to break into an enterprise network by targeting employees with social engineering tactics, including phishing. Thus, an employee who is not well trained to detect and respond to cybercriminal activities is capable of singlehandedly opening the door for threat actors. On the other hand, a trained workforce is the greatest asset to an organization because they act as the first line of defense against cybercriminal activities.

In Closing

Prior to the busy holiday shopping season, it is imperative for retailers to develop and maintain comprehensive cybersecurity strategies to help position their business operation to withstand the effects of increasing cybercriminal activities. These comprehensive cybersecurity strategies should be layered with proactive approaches aimed at preventing security incidents from occurring. Being vigilant can help protect consumer data to an extent, especially during the vulnerable holiday shopping season.

While most retailers have their hands full with sales and other business activities, it is beneficial to consult with cybersecurity experts, such as GoldSky Security, that offer the necessary cybersecurity solutions to help retail organizations to build and maintain a resilient security posture that is in-line with the evolving threat landscape.