The Retail Industry and the Persistent Digital Threat Landscape
In today’s age of digital transformation, retailers have changed the ways in which they interact and engage with consumers — starting with online shopping and e-commerce experience. In order for retail organizations to remain competitive, an omnichannel experience is critical, and with that, retail organizations are relying heavily on websites, mobile apps, online marketplaces, and social media to promote products, sell goods and even provide customer service.
As competition to acquire and retain customers continues to increase, many retailers are also expanding their efforts to include social media and digital advertising platforms to enter new markets, generate awareness, and connect with potential customers. However, retailers aren’t the only ones that are targeting the opportunities online and digital platforms offer. Cybercriminals also recognize the opportunities that online platforms represent for retailers, and are seeking to exploit their market share and revenue potential.
Let’s explore how the retail industry has become a growing target for cybercriminals, including what types of attacks retailers and consumers should be on the lookout for.
With the Growth of E-Commerce Comes the Growth of Online Threats
When retailers and consumers engage with one another, it usually involves the exchange of information and money — including credit card numbers, addresses, and other sensitive and personally identifying information. ICSC finds opening a new store increases traffic to retailers’ websites by an average of 37 percent, and drives up share of web traffic within that market by 27 percent. With the rapid growth in online retail markets, cybercriminals are looking to capitalize on the customer loyalty retailers have built to maximize their potential returns.
Through malicious website domains, counterfeit goods, coupons, gift card scams and even impersonations on social media, bad actors have the ability to engage directly with unwary consumers in a way that they previously could not. A recent report found that retailers endure over six instances of brand abuse and impersonation daily, on average — this is double what financial institutions endure. In order to protect their brand reputation as well as their customers, retailers need to know how they're being targeted and how to protect themselves.
Understanding Digital Risks
As omnichannel support continues to enhance and improve the customer experience, cybercriminal techniques and attack tactics improve as well. Threats from cybercriminals evolve as the persistent digital threat landscape facing the retail sector continues to change. Here are the top and most commonly used tactics by cybercriminals to plan and execute attacks on retailers:
- Domain-based attacks: Malicious, spoofed and impersonating domains represent the largest attack tactic targeting the retail industry.
- Customer scams: Scams offering “something for nothing” frequently target consumers, including gift card, coupon and giveaway scams.
- Counterfeit goods: Fake versions of legitimate products, posted to marketplaces and malicious domains, hijack revenues and represent risks to brand reputation and customer trust.
- Impersonations: Bad actors pretend to be retailers and their high-profile executives on social media to gain direct access to scam employees and consumers.
Retailers must recognize that with the transformation to online shopping, they must address inherent risks that come with the use of digital platforms. Retail organizations that wish to mitigate their risk in social and digital channels can take a number of steps to protect both their brands, executives and employees, and their customers, including:
- conduct a digital asset inventory audit to understand your organization’s digital footprint and each asset that needs to be monitored;
- monitor and protect all digital and social media platforms to identify potential threats;
- monitor for compromise and take quick action to mitigate damage; and
- educate employees to encourage compliance with policies and standards pertaining to social media, phishing attacks, and other risks specific to your company.
Ashlee Benge is a senior threat researcher at ZeroFOX, the innovator of social media and digital security, protecting modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms.