It’s been an upside-down year where none of the old rules seem to apply – even to Christmas shopping. For retailers, this year’s holiday season is starting earlier than ever and is expected to include a record number of e-commerce transactions, in what Gartner terms “a digital-first 2020 holiday season” – as COVID-19 prompts people all around the globe to do practically all of their holiday shopping online.
Perhaps not surprisingly, cyber criminals are planning to take advantage of this for their own nasty purposes. Cyber security threats are expected to be on the rise over the holiday season – with threat actors intending to lure online shoppers to malicious websites or find new ways to exploit e-commerce vulnerabilities.
Cyber threats are expected to be on the rise over the holiday season - with threat actors intending to lure online shoppers to malicious websites or find new ways to exploit e-commerce vulnerabilities.
TOP CYBER SECURITY THREATS USED BY HACKERS TO SNARE ONLINE SHOPPERS
Threat actors use a wide range of tactics to “hijack” shoppers and steal their credentials. Here are some of the most common cyber security threats used to trick consumers online:
The bottom line is that due to the effective brand impersonation attempts of threat actors, customers are not always aware that the link they clicked is taking them to a malicious site.
MALICIOUS ACTORS TARGET RETAILERS DURING THE HOLIDAY SEASON
In the retail industry, there’s a particular problem with fraud and insider threats because retailers typically have unusually high employee turnover. The industry generally relies on the use of seasonal workers, and there’s also a heavy dependence on third parties for key business operations that can’t be staffed at each retail location. These are things that raise the chances of a retailer being breached.
During the holiday season, in particular, retailers need to watch out for direct cyber security threats and malicious behaviors targeting consumer data.
During the holiday season, in particular, retailers need to watch out for direct cyber security threats and attacks and malicious behaviors targeting consumer data. Common cyber criminal tactics include:
HOW RETAILERS CAN HELP CONSUMERS IDENTIFY MALICIOUS ACTIVITIES
Retailers can help consumers avoid falling for malicious lures by sharing key information about how to spot suspicious messages and websites – i.e., teaching them how to notice suspicious activity or traits that ought to raise a “red flag.” The following are potentially problematic types of content that can be frequently identified, if consumers learn how to keep an eye out for them:
ONLINE SHOPPING – “BEST PRACTICES”
By offering tips, retailers can help educate consumers on basic data hygiene and security steps. You can encourage consumers to stay safe by following these guidelines when making online purchases:
When online shoppers work on public WiFi systems while making purchases, they are opening up their laptops (their credit card details) to an increased risk of attack
TAKE THE NECESSARY STEPS TO PROTECT YOUR ORGANIZATION’S CONSUMER DATA
It’s not just about modifying consumer behavior. This holiday season, every retailer should take some basic steps – in order to keep consumer data safe. This is particularly important since, due to COVID-19, so many IT and business teams are working remotely, and it’s critical to have strong processes in place. Some fundamentals include:
From a more global perspective, optimizing monitoring processes and implementing automated vulnerability and penetration testing are also key to mitigating the risk to an organization.
By taking the time to address these and other key issues related to consumer data protection, retailers can go a long way toward alleviating the risks posed to online shoppers by cyber security threats – throughout this holiday season.
Mahesh Athalye is a Senior Director within the retail vertical at UST Global. As a business and go-to-market leader, he partners with clients to drive profitable business growth by implementing retail technology – including online, in-store IT, and AI/ML solutions. Mahesh has 27 years of experience in manufacturing, financial services, and the retail IT and security sector. Prior to joining UST Global, Mahesh was part of the leadership team of Xpanxion (a UST Global Company). He played a key role in the business growth at Infosys and was part of the delivery leadership at Syntel Inc. Mahesh is actively involved in community service, and is a Board member of the TAG FinTech Society and a volunteer at the Global Thrombosis Forum.