Shoring Up Online Retail Security Can Ensure A Merry E-Christmas For All

Posted on by Tony Kontzer

One thing we can all be sure of this holiday season: Lots of Americans are choosing to avoid the insanity in shopping malls by firing up their computers, phones and tablets to take care of their Christmas shopping online instead.

Even though a steady flow of large-scale data breaches has hit American companies in recent months (hello, Equifax, Whole Foods and Uber, just to throw out a few prominent names), most shoppers have been undeterred.

Consider a report from Adobe Insights that online sales for Thanksgiving Day and Black Friday reached a combined $7.9 billion, up 18 percent from 2016, and that Cyber Monday was the biggest day yet in the history of ecommerce, and it's clear that most shoppers have overcome any security-related fears they might have.

That's not to say that security concerns had no impact; in fact, online holiday sales could have been even better. Survey findings from Web security firm SiteLock indicate that nearly one-third of shoppers had no intention of doing any online holiday shopping due to the threat of breaches.

What's really amazing is the reality that online retailers don't appear to be fazed by this, at least so far as their security priorities are concerned. While there are no numbers for this year, Retail Dive recently revisited a KPMG survey completed in 2016 that found that 55 percent of senior retail executives admitted not having invested any capital funds in cyber security during the previous 12 months. This, despite the far-reaching impact of the Target and Home Depot breaches still being visible in the rear-view mirror.

A really confusing part of the whole equation is this: risk monitoring firm BitSight recently told Info Security magazine that its analysis of breaches in the retail and hospitality industries found that security incidents are actually less frequent during November and December.

So what gives? Should we rest easy with the assumption that hackers take the holidays off?

Not so fast, says IBM's SecurityIntelligence news analysis site. In a recent post, Nick Bradley, a practice leader in IBM Security's threat research group, wrote that although IBM research showed that the number of attacks targeting retail companies dropped steadily between June and October, a closer look at last year indicated that the volume of attacks on retailers surged in mid to late December. Bradley also added that undetected malware attacks from earlier in the year can throw a wrench into the holiday season.

The takeaway for retailers is clear: Short-change your security efforts at your own risk. It's bad enough that a security breach can eat into your end-of-year revenue; even worse is the long-term damage it can do to your reputation. KPMG's report from last year indicated that 19 percent of consumers said they would stop shopping at a retailer that had been the victim of a cyber security attack. That's a big chunk of customers to risk losing. And it doesn't have to be an attack that targets data; it can simply be a DDoS attack that interferes with web site availability and functionality.

It's for these reasons that Bradley recommends that retailers remain diligent about their security practices throughout the year. In addition to constantly monitoring their networks, he suggests that retailers review IBM's "Security Trends in the Retail Industry" report, which can be accessed here, and implement some of its recommendations.

Bradley also has some words of advice for consumers, such as remembering to assess convenience versus risk, being wary of unsolicited email attachments, and making use of multi-factor authentication whenever possible.

Online holiday shopping doesn't have to be an exercise in blind faith. Retailers can't just hope they won't be next on the hit list; they must constantly invest money and resources in their cyber security measures if they want to ensure that their customers can shop safely, and that they'll remain their customers. And consumers can take matters into their own hands to an extent by taking proper precautions.

With a few simple actions, Christmas on the Internet can be the merry event it is in the physical world. And judging from online shopping trends, it's certainly worth everyone's effort.

Tony Kontzer, RSA Conference

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.