
Cybersecurity as a Selling Point: Retailers Take Note

December 13, 2018 — by Jeff Curley


UK-based retailers were no strangers to data breaches in 2018. In June, Dixons Carphone announced a breach of 5.9 million customer bank card details and 1.2 million personal data records, and the following month, Fortnum & Mason likewise warned customers that their data had been exposed. In fact, since GDPR took effect in May, more than 8,000 data breach reports have been filed in the UK. Each of these breaches involved a notification to the affected users which, combined with accompanying news coverage, is creating a cultural shift in cybersecurity awareness and redefining people’s online shopping habits.

The fact is, very few businesses have the luxury of occupying a unique position in the market without direct competition, and security can—and does—play a role in influencing consumer brand loyalty. Case in point: Following its 2015 hack, TalkTalk lost 100,000 customers.

Considering these dynamics, it is vital that consumer-facing companies view security and privacy not just as the thing that saves them from harm, but as a competitive advantage to be leveraged to drive trade at the expense of those that do not.

Security Standards Are Shifting

Currently, it is a mixed picture as to which organisations advertise their security acumen to their competitive advantage. Of the top five retailers in the UK, three have primary navigation links—named “Privacy Centre” or something similar—on their homepages directing users to their security standards.  If I had to guess, I’d say all five top retailers will have a primary link to such a resource by the end of next year.


Online banking institutions appear to be the most acutely aware of security’s influence on customer decision making. This is perhaps unsurprising, given that their security postures are scored by third-party organisations such as Which?, across categories such as two-factor authentication login, encryption, safe navigation and logout.

Since the advent of GDPR—which sets out clear guidelines for companies with regard to how they should store data in their systems, how they should identify and report breaches, and more—we are seeing security positioned as a primary consideration in the build of new online services, so-called ‘data protection by design.’ We could not have conceived of this new phenomenon prior to GDPR, and it will surely result in a fundamentally different online experience for consumers in the coming years.

The Role of AI in Managing Privacy

Security regulations aren’t the only new influence on managing consumer privacy. New technologies, like AI and IoT devices, are likewise impacting online retail experiences. While the top ten UK retailers don’t currently utilize chatbots or similar AI technology on their websites, chatbots are increasing in popularity among organisations that have complex or diverse product ranges (like H&M’s Virtual Assistant for clothing selection guidance).


As cutting-edge and “cool” as these are, the reality is that any form of online communications can become a vector for cybersecurity attacks. And the newer a technology is, the more likely it will become a focal point for hackers, since gaps tend to exist in technologies that have yet to establish a solid framework of controls. Just ask Delta Airlines and Sears, which suffered targeted attacks on their third-party chat support provider, exposing customer data and payment information.

One of the primary privacy exposures facing these types of online services is the frequency of change in web applications. Decisions on how and when to secure an application can be lost during interactions between developers and security professionals, particularly when code changes can be upwards of thousands per day. How do you reduce this risk? One way is via the application of machine learning to understand and patrol the “good” behavior of web application use, as opposed to chasing the ever-lengthening tail of “bad” behaviors and deploying access control lists.

The Way Forward

By pushing privacy to the forefront of customer experiences, online retailers can differentiate themselves from competitors. A recent Radware survey discovered just how security conscious UK consumers are: They are liable to abandon brand loyalty in exchange for a secure online shopping experience. Organisations would do well to invest in strong cybersecurity if they want to increase trust and attract new customers at key trading periods. Otherwise, retailers stand to lose their competitive advantage by encouraging customers to exercise their true power, their power to go elsewhere.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.


Retail & Web Application Security: What Application-Layer Security Threats Are in Store for Retailers

January 10, 2018 — by Radware


The retail industry is undergoing a transformative period as the “empowered” consumer, driven by technological advances and breakthroughs, impacts how retailers market, communicate and sell. Retailers continue to erode the barrier to purchase via a myriad of new technologies, such as mobile apps, social media transactions and AI that converse with consumers. They leverage AI to analyze buyer behavior and optimize buyer preferences. Even “traditional” retailers have invested in technologies that track both offline and in-store behaviors to further reduce the barrier to sale regardless of location.


It’s Beginning to Look a Lot Like Cyber-Attack Season

November 9, 2016 — by Ben Desjardins


This year’s door buster deal might just be a DDoS attack

The luring presence of large bowls of excess Halloween candy lying around my house can only mean one thing: It’s that time of year when retailers are preparing stores (both physical and virtual) for a crush of holiday shoppers on Black Friday.

As the story goes, the term originates from an incident in the late 19th century in Philadelphia. The retailer Wanamaker’s Department Store decided on a deep discount of calico, the most common fabric used for dressmaking at the time. The throngs of shoppers that showed up for the penny-a-yard fabric sale ended up breaking through the glass windows of the front door, forcing the store to close. The closure no doubt cost Wanamaker’s dozens of dollars.


Why Online Retailers Should Be On High Alert for Cyber-Attacks

August 18, 2016 — by Ben Desjardins


The close of summer in the United States brings with it one of the most important online selling seasons for Internet retailers: Back-to-School (BTS) shopping. This critical shopping season trails Cyber Monday closely as the most important for online-generated revenue for many retailers. According to a recent study by Field Agent, a research firm specializing in retail, nearly two-thirds of U.S. consumers plan to purchase at least some of their BTS goods online. So, naturally this is a time of year that the security teams for major online retailers need to be on high alert, keeping an eye out for any attacks that can disrupt operations or breach sensitive data. It’s also a time they need to worry about malicious actors targeting customers with phishing attacks, even if there’s little they can do directly to prevent them. With average consumers in the U.S. planning to spend between $500-$1,000 on BTS shopping, any impediment to consumer sentiment and quality of experience can have dramatically bad effects.

Given the timeliness of the topic, let’s explore some of what we, at Radware, are seeing as significant trends, both in the threat landscape targeting online retailers and in the changes they are making in their IT and business that play into the cyber threats.


Is Your Organization In the Ring of Fire?

March 17, 2016 — by Shira Sagiv


Schools are getting more sophisticated; there is no doubt about it. My kids recently had an "emergency study exercise" in grade-school where they needed to log in to the school system from home and participate in an online classroom, listen to a session and answer some questions.  The idea was to see if the school was prepared for emergency situations, where the kids couldn’t attend school for some reason, but they could continue studying remotely.  I thought that was pretty cool. 

I also learned recently about a high school in our area where all the classroom activity is conducted online.  The students have no books, no notebooks – only their laptop.