Customer data is a prime asset for online retailers. The way a retailer gathers, analyzes, and protects their customer data is quickly becoming a competitive advantage. Faced with a rapidly evolving threat landscape, online retailers need tools that can help them achieve end-to-end security that covers the entire customer journey.
Online retail is a rapidly evolving industry. Over the past decade we've seen fundamental shifts in device usage, shopping channels, consumer trends, compliance requirements and global markets.
This shift means that online retail businesses face a unique combination of cyber and fraud threats. The seasonality of the industry (i.e., shopping events, sales and the holiday season) and the frequent sales volume spikes can make fraud detection challenging. Online retailers increasingly prioritize innovative ways to raise customer engagement and improve their experience, but promo codes, gift cards, vouchers, and hassle-free refund policies give rise to all kinds of abuse such as inventory stocking, phishing, fraud, and sub-domain hijacking.
To address these unique challenges, CyberInt is launching CyberInt Retail Protection - a packaged solution for online retailers to address the specific needs they face, ensure business operations and continuity, and protect their customer and employee data as well as brand reputation.
The Online Retail Security Landscape
Threat actors and their tactics are continually evolving, but one thing remains the same: online retailers are prime targets for cyber attacks. At the same time, data security and compliance are becoming an integral part of online retail operations.
Online retailers understand that digital transformation and the expanding digital surface bring with them more entry points for cybercriminals.
Retailers are Lucrative Targets
Due to the sheer amount of data that online retailers possess, threat actors are targeting them specifically with a variety of attacks:
- Phishing attacks: There is a new phishing site created every 20 seconds, and phishing scams increasingly target mobile users. Valuable customer data is often the target.
- Fraud: Fraud costs as a percentage of annual revenue have increased from 2.71% in 2017 to 2.91% in 2018 and continue to climb.
- Brand abuse: Brand is undeniably an extremely valuable asset for online retailers and remains a target of various attacks that result in reputational damage as well as financial loss.
- Account takeover (ATO) attacks: Unauthorized access and control of a legitimate user account can be used by threat actors in multiple ways, including stealing customer data to sell, as well as fraud.
- POS and online transaction compromise: Attacks targeting credit card information at the point of payment compromise operations and continuity, and expose retailers to hefty lawsuits.
- Cloud infrastructure exposure: As online retailers increasingly transition to the cloud, risks of human error that lead to accidental customer data exposure, as well as attacks targeting the cloud, increase as well.
- Fines for GDPR non-compliance: Penalties for breach-related infringements can have severe ramifications for businesses. If online retailers fail to make customer data security an essential corporate priority, they can end up with hefty multi-million dollar fines. For example, British Airways is now facing a record GBP 187M fine and Marriott is due to pay $123 million for data security slip-ups.
Generic cybersecurity solutions are no longer sufficient
To survive and thrive in today's competitive markets, online retailers need to move quickly when considering consumer trends and seasonality needs. Additionally, they need to optimize the entire consumer journey, from a frictionless shopping experience through to customer care and refund processes, in order to provide the best possible service while simultaneously fighting fraud and improving competitive differentiation.
Generic cybersecurity solutions are not capable of addressing these unique challenges, as they offer no effective support for business continuity, seasonality or threat assessment and are not fit to address the increasingly complex business processes and digital customer user journeys.
Lack of visibility
Retailers require complete visibility into their entire digital presence and, thus, into potential threat actors’ entry points. But this level of visibility is increasingly difficult to achieve.
To get the agility advantage and make the most of the data they have, online retail IT operations are transitioning to multi-cloud and hybrid-cloud environments.
As the competition intensifies, online retailers increasingly rely on third-party solutions and services from multiple vendors to provide the best offering and experience for their customers. In addition, online retail has increasingly become a multi-channel experience, with 70 percent of traffic and 58 percent of purchases worldwide occurring on mobile devices.
This rising complexity creates a serious lack of end-to-end visibility. Getting a full view of a retailer's entire digital presence becomes increasingly challenging, leading to potential threat actor entry points being missed or overlooked.
Noise and Lack of Prioritization
Another challenge is that the use of generic solutions leads to a prevalence of false positives, a slew of conflicting alerts and bad integrations into retailers' core systems. This noise results in a lack of prioritization that in turn has a negative effect on the level of protection that retailers are able to achieve.
This is illustrated by the fact that retail is among the top industries with the longest time to detect and respond to data breaches. Once a breach occurs, the average amount of time required to identify a data breach is 197 days, and the average amount of time needed to contain a data breach once it is identified is 69 days.
Fraud and Cyber Covered Separately
Creating self-contained environments to track cyber and fraud activities without the ability to contextualize threats and the risks behind them leads to a situation where fraudsters and cybercriminals thrive. In retail, these two types of threats can no longer be separated.
Overcoming These Security Challenges with CyberInt
CyberInt, along with the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), has just announced the launch of Cyber Retail Protection.
This brand-new offering is made to address the unique security and protection needs of online retailers. RH-ISAC delivers cyber resilience, allowing online retailers to stay protected while at the same time remaining agile, data-driven, innovative, and customer-centric.
CyberInt’s one-of-a-kind solution provides online retailers with:
- Visibility into the online retailer’s digital footprint and potential attack surface
- Ability to address threats across the organizational and digital environments
- Assessment and monitoring of risks deriving from third parties (vendors, partners, suppliers)
- Understanding of the company's risk profile
- Ability to reveal unknown threats: cyber expertise into the threat landscape (global or region-centric campaigns, well-known or sophisticated newly adopted threat actor tactics and techniques, etc.)
- Ability to holistically act against both fraud and cyber threats
CyberInt Retail Protection is a modular packaged solution tailored to the needs of online retailers. The managed services offering, powered by the Argos™ Digital Risk Protection Platform, includes the risk profiling scorecard designed for RH-ISAC, targeted threat intelligence, third-party cyberscore, digital presence monitoring, and proactive threat hunting services. It also includes the risk profiling scorecard developed and designed in collaboration with RH-ISAC.
CyberInt Retail Protection is now available.