2020 saw the rapid transformation of the business landscape as we had known it. Every sector had to rapidly address unparalleled difficulties. For retail, the challenge came with the shutdown of the high street and a massive shift to online shopping, leaving many businesses struggling to adapt in the face of economic downturn.
Those retailers who have been able to continue operating have been affected in other ways, first and foremost by the alarming rise of data breaches. As recent research has revealed, 60% of UK retailers have experienced a cyberattack in 2020. Indeed, the outlook is now so worrying that cybersecurity is quickly rising up the ranks and becoming a priority for many businesses.
A serious threat for retailers
While the number of cyberthreats skyrocketed in 2020 due to increased online shopping, this was not a new problem. Retailers had been suffering at the hands of cyberattacks for some time, even prior to the pandemic. Just one-third of retail organisations feel their IT security posture is ‘highly effective’. These businesses are now facing added capacity constraints, with even fewer resources to devote to prevention. This is causing a rise not just in the number, but also in the severity of cyberattacks, with a major data breach taking center stage in mainstream media almost every day. Boots and Tesco in the UK, and Barnes & Noble in the US, are just a few of many recent examples.
If not sufficiently dealt with, cybersecurity risks will damage what is arguably the most valuable aspect of the retail industry, the relationship between the retailer and the consumer. This is already a major concern, with two in five organisations having experienced an incident involving the loss or theft of sensitive information regarding customers in the past year. As the industry falls victim to cybercriminals, often getting thrown into the spotlight against its will, customers’ trust will inevitably decline as they lose faith in those brands they begin to consider most vulnerable. The retail sector needs to regard cybersecurity less as an IT concern, and more as a major threat to business success.
Protecting customer credentials is key
The drastic change in consumer behaviour over the last 12 months has also brought with it a whole new set of challenges. In an effort to beef up their cybersecurity, many retailers now require customers to create an online profile to complete a purchase. However, users rarely create new credentials from scratch and instead tend to reuse existing passwords. The number of people who use the same login details across several different accounts is still far too high, with research showing more than half use the same password across multiple accounts. This in turn means the likelihood of one of these profiles being compromised increases significantly. The damage that can be done in such an instance is severe. But the practice of reusing passwords across multiple accounts isn’t limited to consumers alone. It also affects retail employees.
Credential theft, whereby cybercriminals try to get hold of employee or customer passwords to access critical information, is now the most common form of cyberattack that UK retailers are subjected to. It is therefore imperative that retailers invest in a cybersecurity solution that safeguards user credentials, ideally featuring zero-knowledge encryption, which means the encryption is so strong that even the solution provider wouldn’t be able to unlock or decrypt any login details.
Using a reliable enterprise password security solution is a simple and cost-effective way to protect employees from falling victim to cybercriminals, especially considering that almost 40% of retail organisations have seen an attack involving the compromise of employees’ passwords in the past year. An enterprise-grade password management platform can support organisations with strong, randomly generated passwords, and significantly reduce the risks associated with weak password use. Password negligence errors may be human, but they are certainly not inevitable.
Time to take action
Retailers should further develop a strong cyber incident response plan, as this ensures they aren’t left scrambling over what to do after a breach and can instead quickly and effectively stop cybercriminals in their tracks and deal with any potential fallout. Perhaps surprisingly, over a third of UK organisations do not have a response plan in place, making this another crucial issue to address for any retailers wanting to bolster their cyber defences.
Overall, retailers need to make sure cybersecurity is integrated with their long-term business decisions. Cybercriminals are becoming more skilled, and attacks more targeted and sophisticated. Instead of attempting to catch up with trends, retailers need to get ahead of the game and proactively strengthen their defence mechanisms. Failing to do so can not only damage consumer trust, but also put a business’s entire future at risk – especially when you consider the major financial cost of a cyberattack, estimated at over $5 million for more than a quarter (27%) of businesses.
The past 12 months have been challenging on many levels, but retailers simply cannot afford to get complacent in the face of cyber risks if they wish to bounce back from the many setbacks of 2020.
By Darren Guccione, CEO & Co-founder of Keeper Security