In today’s age of digital transformation, web applications are the power behind how things get done across industries — and the retail industry is no exception. From e-commerce tools to productivity solutions on mobile devices, retailers around the world rely on these applications to connect to their customers, employees and suppliers. However, with all of these options to increase productivity and improve the overall customer experience come heightened security risks.
Threats to application security are an ever-growing concern, especially as they evolve in frequency, method and complexity. As these technologies evolve, security threats are keeping pace. To truly understand application attacks and the challenges that organizations face across industries, Radware released its second annual survey, Radware 2018 The State of Web Application Security. The company surveyed senior executives and IT professionals at companies with worldwide scope to learn more about the impact of application attacks on their operations. The findings show that hackers are exploiting vulnerabilities at the application level by accessing and stealing digital assets or causing service slowdowns that impact productivity or a customer's ability to complete a transaction — different types of attacks with different outcomes.
For retailers and their suppliers, the survey results bring to light clear warning signs, especially with the rush to offer a mobile application, a new shopping button on their website or a seamless payment system, all with the ultimate goal of making it easier and quicker to move to final purchase. Each of these brings to light a new security challenge, and with that retailers need to consider the following:
- The ability for retailers to provide customers with the item they’re looking for comes at a cost. While retailers might be sharing customer data in order to provide more personalized customer experiences, they need to realize the risk it causes. For example, 43 percent of respondents are sharing data about user behavior, preferences and analytics, creating the potential for massive exposure.
- The journey from factory floor to a customer’s home requires a chain of applications to talk to each other … and much of it is happening in insecure environments. Seventy percent of respondents don't require authentication from third-party APIs, 62 percent don't encrypt data sent by APIs, and a third (33 percent) allow third parties to perform actions. Retailers and those in the supply chain need to bake data security into their overall business strategies to close this gap and protect customers’ information.
- Those updates you think will improve your customer’s experience bring new risks. With one-third of all application types being updated on an hourly or daily basis, new concerns about securing applications in a rapidly changing environment are introduced.
- The next data breach may come back to haunt retailers. As a result of a data breach, 52 percent of respondents said their customers asked for compensation, 46 percent reported major reputation loss, 35 percent reported customer churn, 34 percent reported a drop in stock price, 31 percent reported customers took legal action, and 23 percent said executives were let go.
However, despite all of these red flags, companies across the board seem to have a false sense of security when it comes to their perceived abilities to mitigate threats, even though they experience a high frequency of attacks. Most respondents reported weekly attacks against web applications or servers, with about a quarter reporting attacks on a daily basis. Yet in the face of these frequent attacks, 90 percent of all respondents across regions were confident their security model is effective at mitigating most or all web application layer attacks.
All that said, how can retailers address the findings from this survey and use them to their advantage in improving data security? Retailers need to minimize their false sense of security by better understanding their security solutions as well as those of any vendors connected to their network or accessing their customer data. What’s more, implementing a synchronized attack-mitigation system will provide retailers with secure application protection against all threats, across all platforms and at all times.
Mike O’Malley is the vice president of strategy at Radware, a cloud security products and solutions services provider.