Hacking, data breaches and other types of cybercrimes are targeting more retailers, as both brick-and-mortar stores and online shopping websites increasingly rely on digital systems to conduct business.
Recent studies reveal millennials, people in the 23- to 34-year-old bracket, overwhelmingly prefer to shop online, using their smartphones, tablets and computers. As the boomer generation ages, the convenience of online shopping will likely lure an increasing number of older shoppers onto the internet. We are now seeing grocery stores promoting online shopping.
With this trend, retailers are being exposed to increasing risks of attack.
Retail digital exchanges with customers and financial institutions contain a treasure trove of valuable data, including the details of customers’ accounts and personal information. Retail has become such a lucrative, easy target that “discount” schools have popped up to train cybercriminals.
A risk management company recently reported discovering a Russian-language six-week online course for aspiring cybercriminals. For just 45,000 rubles ($745 in the U.S.), the course promoters boasted that would-be criminals could make $12,000 a month, based on a 40-hour workweek. That is about 17 times more than an average Russian can make working a legitimate job.
We mostly hear about the cyberattacks on big retailers, such as Home Depot, which had to pay customers a $19.5 million settlement for its 2014 credit card breach. While few of the major retailers have escaped attack, the small, locally owned shops also are vulnerable. Basically, no retailer is too big or too small to be targeted by cybercriminals.
And every successful attack is costly – in terms of actual losses and lost reputation.
A recent study revealed that the average, per record cost of a data breach was $172 in 2016. For example, a record is one compromised credit card. Costs associated with a data breach include investigation of the attack and its scope, damage to customers and fines imposed by banks for the breach.
The international accounting firm KPMP surveyed hundreds of customers last year regarding retailers’ data breaches. The company found that 19 percent of the people surveyed would stop shopping at a retailer that had been a victim of a cyber hack, even if the company took the necessary steps to remediate the intrusion. In addition, 33 percent indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months.
Retailers must have their guards up in this time of increasing threats. Small retailers, whose cybersecurity strategy is to “hope for the best,” must recognize that their time will come – likely sooner than later.
Some steps to take:
- Set a high priority on implementing “chip systems.” While cyberattacks are decreasing involving point of sale exchanges, they will not disappear. Chip systems are working, but some retailers have not enabled chip scanners in their stores.
- Use only high-quality, secure domain providers.
- Train employees about cybersecurity, including the importance of cooperating across departments. Require employees to use strong passwords.
- Update software regularly and patch vulnerabilities.
- Install “firewalls,” to separate corporate, store and payment exchanges.
- Vet third-party suppliers and vendors to ensure that their systems are secure.
- Regularly audit your systems to determine if procedures are being followed and protection provided.
Instinctively, companies are tempted to hide or minimize the occurrence and scope of data breaches. But strength in combating increasingly clever and aggressive criminals will come from a united front. For the greater good, retailers should share information with each other about attacks.
Alphonso Rivera is the founder and CEO of Advanced Micro Resource Digital Forensics, a Bakersfield-based digital forensic company that specializes in digital audits involving cell phone and computer evidence for attorneys, private investigators, human resources consultants and companies.