Security and fraud leaders across the retail industry gathered in Long Beach, California this week for the National Retail Federation’s annual NRF Protect event, which brought retail cybersecurity issues front of mind for practitioners from Target to McDonalds.
Meanwhile, this Forbes article by Mattias Walter Eser, Forbes Councils Member, encourages e-Commerce for retail, arguing “As consumer behaviors continue to shift toward digital channels, traditional retail businesses risk being left behind. By investing in an e-commerce business, these businesses can future-proof their operations and stay competitive in a rapidly evolving market."
While shifting to e-Commerce could future-proof the business, online retailers are still at risk of cyberattacks. According to a blog from Arctic Wolf, “when a breach involves a major retailer, it often becomes front-page news, since far more people are aware of the company and may, in fact, be devoted customers.”
Certainly there have been plenty of examples to support that claim. “Home Depot is reportedly facing no fewer than "44 civil lawsuits related to a widespread data breach earlier this year that affected 56 million debit and credit cards.”
Though not a breach or security incident, Honda issued a fix for, “a vulnerability that could have allowed anyone to take over accounts on a platform used by Honda Power Equipment and Honda Marine dealers in the United States.” Certainly, online retailers do more to prevent both fraud and cybersecurity incidents.
To learn more about best practices for e-Commerce security, visit RSAC’s Library and explore the resources available through the Retail & Hospitality ISAC.
Now let's look at what else made industry headlines this week.
Jun. 9: After rolling out its plan to prevent customers from sharing passwords, Netflix saw a rise in subscriptions.
Jun. 9: “Google, owner of the generative AI chatbot Bard and parent company of AI research lab DeepMind, introduced its Secure AI Framework (SAIF) on June 8, 2023,” Infosecurity Magazine reported.
Jun. 8: Using a social engineering campaign, North Korean nation-state threat actors targeted individual NK News subscribers to steal user credentials.
Jun. 7: “Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability,” according to news from Bleeping Computer.
Jun. 6: As tension mounts between the US and China, cyber is “becoming an integral part of modern warfare.”
Jun. 5: Attackers are reportedly targeting victims in a sextortion scheme using deepfakes that alter benign photos, the FBI warned.
Jun. 5: Security Week reported, “Taiwanese computer components maker Gigabyte has announced BIOS updates meant to remove a backdoor feature that was recently found in hundreds of its motherboards."