Virtualization Technology News and Information
This Holiday Season: Retail Best Practices for Cyber Safety and Uptime for IT Systems


As the holiday season approaches, the increase in online shopping heightens the risk of cyberthreats. These threats have surged in recent years, making this period an optimal time for cybercriminals to exploit vulnerabilities in IT and network infrastructure. Retailers are among the most at risk, facing an increase in common cyberattacks such as data breaches and phishing.

To stay safe, companies must proactively address vulnerabilities and fortify their infrastructure against risks, as cybercriminals often exploit the surge in online activities. With 89% of retailers affected by ransomware reporting revenue or business losses, failing to do so can result in downtime and significant financial losses. The tech experts below explain how to stay safe this holiday season and ensure IT system uptime.

++

Bruce Kornfeld, Chief Product Officer at StorMagic

"For retailers, an IT outage during peak times like the lead up to the winter holidays can be a significant setback. It's the busiest shopping period of the year, especially for brick-and-mortar establishments, and therefore being able to cope with an influx of customers and trust that their IT isn't going to fail them is crucial. When you're a retailer with stores at the edge and your corporate IT is hosted from headquarters, hundreds or thousands of miles away, being able to keep your edge systems up and running so stores can keep processing transactions - and generating revenue - is critical.

To ensure this, a particularly effective approach is to implement hyper-converged infrastructure (HCI), which combines storage, computing and networking into a single system on-site. HCI simplifies management and offers built-in benefits that are ideal for handling high-demand events. These systems are often built with robust security in mind, offering integrated encryption, authentication, and compliance features for protection against holiday-season cyberthreats. Their easy scalability allows retailers to adjust resources up or down as needed, so they can expand capacity before the holiday rush without a major infrastructure overhaul and scale down afterward, maximizing cost-effectiveness. 

Crucially, HCI also provides integrated redundancy and high availability for workloads, ensuring that if one component fails, another can seamlessly take over to prevent service interruptions. This greatly reduces downtime risks during crucial sales periods, giving retailers peace of mind this holiday season."

++

Shobhit Gautam, Staff Solutions Architect at HackerOne

"Retail and e-commerce are prime targets for cybercrime during the holiday season as threat actors become increasingly active. The complex design of e-commerce platforms, featuring dynamic websites and applications, increases the risk of information leaks due to poorly secured APIs, mismanaged user input, and inadequate data management practices.

The use of AI also expands the retail attack surface. We found that 48% of security professionals believe AI is the most significant security risk to their organization. I see a significant risk in how hasty AI adoption could have negative consequences for retailers. For example, GenAI-powered tools such as customer support chatbots have become very popular to scale customer service and engagement. We've already seen a few retailers suffer reputationally from AI chatbots going awry, and as retailers receive more web traffic during the holiday months, there will be a higher chance bad actors will seek to abuse chatbots. One way of minimizing the potential of harmful inputs from chatbots is through community-led AI red teaming, which tests AI systems for harmful outputs before bad actors can take advantage of systems.

Consumers must also remain vigilant against social engineering attacks, like phishing, when clicking on sale links and URLs. Retailers can help spread the word about common scams and educate consumers to reduce the chances their customers fall victim to these types of attacks."

++

Javed Hasan, CEO and co-founder at Lineaje

"The 2024 Deloitte Holiday Retail Survey found that shoppers surveyed are more optimistic and plan to increase their spending by 8% compared to last year. This puts immense pressure on retailers and the software that enables transactions. From the carefully curated ad campaigns emailed to consumers to online payment systems, software is the pulse of retail organizations. 

To deliver the latest software for the holiday season, retail organizations typically have to meet strict deadlines. Developers will often pull from existing open-source software components or take shortcuts to complete a software project on time - focusing more on speed than safety and security. In the chaos, inspecting the open-source or newly-built components for vulnerabilities is typically an afterthought - or not a thought at all. As a result, a faulty, potentially exploitable piece of software is waiting to be discovered. With the significant increase in demand and strain on resources that the holiday season brings, combined with the diverse digital touchpoints a retailer has, it's very likely that a threat actor could use the damaged software to penetrate a retailer's network without being noticed by the security team. We've seen this play out in real life with recent cyberattacks impacting retail chains such as Torrid and Hot Topic.

During the holiday season, retailers must set aside time to do the following: 

  • Prioritize Software Maintenance - Retailers should prioritize regular software updates and patches to address known vulnerabilities. This will ensure that all software used has incorporated bug fixes and has installed the latest security patches.
  • Analyze Third-Party Software - Retailers should conduct assessments of third-party software providers, especially since 80-90% of software originates from open-source components. According to a research report, 82% of open-source software is considered 'inherently risky,' so retailers must stay vigilant in assessing and mitigating any third-party software to understand its lineage.
  • Assess New Software Integrations - Retailers must conduct a thorough evaluation of risk and vulnerabilities when integrating new software into existing systems. It is imperative to maintain a Software Bill of Materials (SBOM) to validate the security and compliance of both older and new software against any applicable legislation."

##

Published Friday, December 13, 2024 7:37 AM by David Marshall