How Retailers Can Protect Themselves From Cyber Attacks
The e-commerce industry is booming, generating $231 billion in sales for U.S. retailers last year, a figure expected to increase 13 percent to $262 billion this year, according to Forrester Research. The growth of e-commerce, which already accounts for about 8 percent of total retail sales in the U.S., is expected to outpace sales growth at brick-and-mortar stores over the next five years, reaching $370 billion in sales by 2017. Retailers are investing in e-commerce strategies and user-friendly, attractive websites to help meet consumer needs and stay competitive. To deal with the demands of contactless payments, in-store point-of-sale (POS) systems are being upgraded to speed up the payment process.
Yet at a time when the success of the industry should be grabbing the headlines, what we're seeing instead is a huge number of articles detailing cyber attacks against retailers. These attacks damage brand reputation and customer confidence, and ultimately affect the bottom line of the businesses involved.
Not a day goes by that we don't see an attack on an organization's infrastructure in one way or another. Over the last few months, there have been several high-profile attacks on retailers such as Home Depot and Target. These attacks have been carried out using a variety of different methods, with POS malware being involved in many cases. Millions of credit card numbers have been compromised and made available to criminals, with significant costs for credit card issuers due to fraudulent transactions and lost customer trust in the retail brands involved.
On top of this, distributed denial-of-service (DDoS) attacks continue to target e-commerce websites, causing slowdowns and availability issues. DDoS attacks are on the rise, with the largest-ever DDoS attacks in terms of traffic volume occurring in the first half of 2014. According to Arbor Networks’ ATLAS threat monitoring infrastructure, there was an unparalleled number of volumetric attacks in the first half of 2014, with over 100 attacks larger than 100GB/sec reported.