Emerging Cybersecurity Threats Affecting Online Retailers
Online retailers are among hackers’ favorite targets, for the simple reason that retailers process large volumes of customer data every day. Another reason is that many retailers, especially smaller companies, don’t take the necessary steps to protect themselves from cybercriminals, which makes them easy to target and attack.
It is widely known that hackers today target not just the big companies; they are after smaller ones as well. Big companies might have the resources to combat cyberattacks and to bounce back into business, even after massive breaches. Smaller businesses have to keep in mind that they might not have the resources, especially the money, needed to bounce back after a major cybersecurity breach. The damage caused by such an attack could put them out of business altogether. Thus, it is best to understand the cybersecurity risks that retailers, both big and small, could face and to take steps to counter and mitigate them. Here’s a look at the emerging cybersecurity threats that affect online retailers today…
Supply chain attacks – No direct access to retailers’ systems needed!
Supply chain attacks take place when attackers breach the security of third parties connected to a retailer, especially peers and companies that facilitate the retailer’s operations. Such attacks can ultimately lead to data breaches for the retailers themselves. An attacker who breaches the security of a supplier associated with a retail company could, without accessing the retailer’s systems, get access to data associated with the retailer’s business. Similarly, by breaching the systems of a shipping company or the online SaaS products integrated with a retailer’s business, hackers can get access to data pertaining to the retailer. Partners and clients of online retailers have direct access to the retailers’ core systems, so by breaching and gaining access to the networks of these partners and clients, hackers could ultimately get access to the retailers’ networks as well. Hence, by carrying out supply chain attacks against partners, clients, business associates, suppliers and others with vulnerable systems and networks, hackers can cause great damage to online retailers. This is why it is of the utmost importance that online retailers stay vigilant when choosing app integrations and avoid connecting with businesses that have poor cybersecurity practices in place.
Ransomware attacks – Widespread and devastating!
Ransomware attacks have become widespread in recent times, especially in the last couple of years. Online retailers are among the worst hit by ransomware strikes happening all across the world. This is because a ransomware attack, which involves the encryption of all data in the targeted systems and networks, could leave a retailer unable to access any of the data stored in its systems. Retailers store lots of customer data, and when such data becomes inaccessible and unusable, all business activities are thrown out of gear. The only way out, especially for businesses that do not have a backup of their data, would be to pay the ransom that the cybercriminals demand for decrypting the data. For many small businesses, paying the ransom wouldn’t be that easy. Moreover, there have been instances when, despite the ransom being paid, the hackers did not decrypt the encrypted data. Hence, the best solution is to practice good internet hygiene, with special importance given to protecting the network against phishing attacks, and to ensure that there is always a properly updated backup of all important and sensitive data.
Return and refund frauds – Quite common!
Return and refund frauds have become quite common these days. There are instances when fake receipts are used to get refunds on products that were never purchased. There are also instances when hackers order goods using stolen credit cards or breached card/banking data and then request that the refund be processed through another card or account. In other cases, people order and collect goods, and then file complaints claiming that their order was never shipped. Most reputable retailers today have a return and refund policy. Since criminals come up with all kinds of innovative techniques to commit such frauds, the best thing that any online retailer can do is to keep up to date on the return and refund fraud landscape and take sufficient steps to protect themselves against such frauds.
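The three patterns described above can each be checked before a refund is paid out. The following is an added example, not part of the original article: the record fields, token values and decision names are assumptions, and the refundable-balance check goes slightly beyond the cases the article lists.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OrderRecord:
    order_id: str
    payment_token: str       # tokenized card/account that paid for the order
    amount_cents: int
    carrier_status: str      # "delivered", "in_transit" or "unknown"
    refunded_cents: int = 0  # already refunded against this order

@dataclass(frozen=True)
class RefundRequest:
    order_id: str            # order number printed on the receipt presented
    refund_to: str           # token of the card/account the refund should go to
    amount_cents: int
    reason: str              # "return" or "not_received"

def evaluate_refund(req, orders):
    """Return (decision, reasons); decision is 'approve', 'review' or 'deny'."""
    order = orders.get(req.order_id)
    if order is None:
        # Fake receipt: no matching purchase in the retailer's own records.
        return "deny", ["receipt_not_in_order_system"]
    reasons = []
    if req.refund_to != order.payment_token:
        # Stolen-card pattern: pay with one card, cash out to another.
        reasons.append("refund_to_differs_from_payment_method")
    if req.amount_cents > order.amount_cents - order.refunded_cents:
        reasons.append("exceeds_refundable_balance")
    if reasons:
        return "deny", reasons
    if req.reason == "not_received" and order.carrier_status == "delivered":
        # "Never shipped" claim contradicted by the carrier: needs a human.
        return "review", ["carrier_reports_delivered"]
    return "approve", []

# Constructed sample orders (not real data).
ORDERS = {
    "A100": OrderRecord("A100", "tok_card_1111", 4500, "delivered"),
    "A101": OrderRecord("A101", "tok_card_2222", 9900, "in_transit"),
}

if __name__ == "__main__":
    for r in (RefundRequest("Z999", "tok_card_1111", 4500, "return"),
              RefundRequest("A100", "tok_card_9999", 4500, "return"),
              RefundRequest("A100", "tok_card_1111", 4500, "not_received")):
        print(r.order_id, r.reason, "->", evaluate_refund(r, ORDERS))
```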
Exploiting IoT vulnerabilities – An emerging trend!
With more and more IoT (Internet of Things) devices being used at different stages of the retail business, exploiting IoT vulnerabilities is now an emerging trend. Retailers use IoT devices at different stages of the supply chain: in tracking supplies, in monitoring warehouses, in sorting and restocking supplies and so on. They also use IoT devices to automate tasks at the stores. But many retailers today ignore the security aspect of these IoT devices and, as a result, get targeted by hackers. Through an IoT attack on the supply chain, hackers can reroute all supplies for a retailer to some other location and thus cause great damage to the retailer. IoT vulnerabilities can also be exploited by a hacker to breach an online retailer’s business network and steal sensitive data from it. Hence all businesses in the retail sector should make it a point to secure all the IoT devices that they use and keep all hardware and software updated with the latest security patches.
Account Takeover (ATO) frauds – Causing reputation damage!
Hackers might place orders using stolen account credentials and then change the shipping location so that the order gets delivered into the hands of the hacker and not to the account holder. Since such accounts would mostly be registered with the retailer, the hacker’s activity would be seen only as normal customer activity. Trouble starts when the customer notices the purchases, mostly at a later stage, and then reports them. The retailer might have to refund the lost money to the customer, and there are almost zero chances of recovering the stolen goods. Such frauds and the costs involved might not affect the business financially beyond an extent, but they would certainly cause reputation damage, which could eventually impact the business in a negative manner. Customer trust, as we all know, is important for any online retailer, and ATO frauds impact customer trust in a negative way. To protect themselves from ATO frauds, retailers can require varying degrees of authentication before any purchase is made. This could make it somewhat difficult for hackers to carry out ATO frauds.
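One way to apply varying degrees of authentication is to raise the required level when an order shows the signals described above, most of all a shipping address the account has never used. This is an added example, not part of the original article; the field names, thresholds and level names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Account:
    known_addresses: set               # normalized ship-to addresses of past orders
    known_devices: set                 # device ids seen on past logins
    last_credential_change: datetime   # last password or e-mail change

@dataclass
class Order:
    ship_to: str
    device_id: str
    total: float
    placed_at: datetime

def normalize(addr: str) -> str:
    """Case- and punctuation-insensitive form so trivial edits don't look new."""
    return " ".join(addr.lower().replace(",", " ").split())

def required_auth(account, order, high_value=200.0, cooldown=timedelta(hours=48)):
    """Return (level, reasons); level is 'password', 'otp' or 'manual_review'."""
    reasons = []
    if normalize(order.ship_to) not in account.known_addresses:
        reasons.append("new_shipping_address")
    if order.device_id not in account.known_devices:
        reasons.append("new_device")
    if order.placed_at - account.last_credential_change < cooldown:
        reasons.append("recent_credential_change")
    if order.total >= high_value:
        reasons.append("high_value")
    if "new_shipping_address" in reasons:
        # Redirected delivery is the ATO pattern: never accept it on password alone.
        level = "otp" if len(reasons) == 1 else "manual_review"
    else:
        level = "otp" if len(reasons) >= 2 else "password"
    return level, reasons

# Constructed sample data (not from the article).
NOW = datetime(2024, 1, 10, 12, 0)
ACCOUNT = Account(
    known_addresses={normalize("12 Elm St, Springfield")},
    known_devices={"dev-a"},
    last_credential_change=NOW - timedelta(days=90),
)

if __name__ == "__main__":
    for o in (Order("12 ELM ST  Springfield", "dev-a", 50.0, NOW),
              Order("99 Dock Rd, Shelbyville", "dev-x", 500.0, NOW)):
        print(o.ship_to, "->", required_auth(ACCOUNT, o))
```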
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.