As the holiday season approaches, the increase in online shopping
heightens the risk of cyberthreats. These threats have surged in recent years,
making this period an optimal time for cybercriminals to exploit
vulnerabilities in IT and network infrastructure. Retailers are among the most
at risk, facing an increase in common cyberattacks such as data breaches
and phishing.
To stay safe, companies must proactively address vulnerabilities
and fortify their infrastructure against these risks, since cybercriminals
exploit the surge in online activity. With 89%
of retailers affected by ransomware reporting revenue or business losses,
the cost of failing to do so can be downtime and significant
financial losses. The tech experts below elaborate on how to stay safe this
holiday season and ensure IT system uptime.
++
Bruce Kornfeld, Chief Product Officer at StorMagic
"For retailers, an IT outage during peak times like the lead up to
the winter holidays can be a significant setback. It's the busiest shopping
period of the year, especially for brick-and-mortar establishments, and
therefore being able to cope with an influx of customers and trust that their
IT isn't going to fail them is crucial. When you're a retailer with stores at
the edge and your corporate IT is hosted from headquarters, hundreds or
thousands of miles away, being able to keep your edge systems up and running so
stores can keep processing transactions - and generating revenue - is critical.
To ensure this, a particularly effective approach is to implement
hyper-converged infrastructure (HCI), which combines storage, computing and
networking into a single system on-site. HCI simplifies management and offers
built-in benefits that are ideal for handling high-demand events. These systems
are often built with robust security in mind, offering integrated encryption,
authentication, and compliance features for protection against holiday-season
cyberthreats. Their easy scalability allows retailers to adjust resources up or
down as needed, so they can expand capacity before the holiday rush without a
major infrastructure overhaul and scale down afterward, maximizing
cost-effectiveness.
Crucially, HCI also provides integrated redundancy and high
availability for workloads, ensuring that if one component fails, another can
seamlessly take over to prevent service interruptions. This greatly reduces
downtime risks during crucial sales periods, giving retailers peace of mind
this holiday season."
++
Shobhit Gautam, Staff Solutions Architect at HackerOne
"Retail and e-commerce are prime targets for cybercrime during the
holiday season as threat actors become increasingly active. The complex design
of e-commerce platforms, featuring dynamic websites and applications, increases
the risk of information leaks due to poorly secured APIs, mismanaged user
input, and inadequate data management practices.
The use of AI also expands the retail attack surface. We found
that 48%
of security professionals believe AI is the most significant
security risk to their organization. I see a significant risk in how hasty AI
adoption could have negative consequences for retailers. For example,
GenAI-powered tools such as customer support chatbots have become very popular
to scale customer service and engagement. We've already seen a few retailers
suffer reputationally from AI chatbots going awry, and as retailers receive
more web traffic during the holiday months, there will be a higher chance bad
actors will seek to abuse chatbots. One way of minimizing the potential of
harmful inputs from chatbots is through community-led AI red teaming, which
tests AI systems for harmful outputs before bad actors can take advantage of
systems.
Consumers must also remain vigilant against social engineering
attacks, like phishing, when clicking on sale links and URLs. Retailers can
help spread the word about common scams and educate consumers to reduce the
chances their customers fall victim to these types of attacks."
++
Javed Hasan, CEO and co-founder at Lineaje
"The 2024 Deloitte Holiday Retail Survey found that
shoppers surveyed are more optimistic and plan to increase their spending by 8%
compared to last year. This puts immense pressure on retailers and the software
that enables transactions. From the carefully curated ad campaigns emailed to
consumers to online payment systems, software is the pulse of retail
organizations.
To deliver the latest software for the holiday season, retail
organizations typically have to meet strict deadlines. Developers will often
pull from existing open-source software components or take shortcuts to
complete a software project on time - focusing more on speed than safety and
security. In the chaos, inspecting the open-source or newly-built components
for vulnerabilities is typically an afterthought - or not a thought at all. As
a result, a faulty, potentially exploitable piece of software is left waiting to
be discovered. With the significant increase in demand and strain on resources
that the holiday season brings, combined with the diverse digital touchpoints a
retailer has, it's very likely that a threat actor could use the damaged
software to penetrate a retailer's network without being noticed by the
security team. We've seen this play out in real-life with recent cyberattacks
impacting retail chains such as Torrid and Hot Topic.
During the holiday season, retailers must set aside time to do the
following:
- Prioritize Software Maintenance - Retailers should prioritize regular
software updates and patches to address known vulnerabilities. This will
ensure that all software used has incorporated bug fixes and has installed
the latest security patches.
- Analyze Third-Party Software - Retailers should conduct assessments of
third-party software providers, especially since 80-90% of software
originates from open-source components. According to a research report, 82%
of open-source software is considered 'inherently risky,' so retailers must
stay vigilant in assessing and mitigating any third-party software to
understand its lineage.
- Assess New Software Integrations - Retailers must conduct a thorough
evaluation of risk and vulnerabilities when integrating new software into
existing systems. It is imperative to maintain a Software Bill of Materials
(SBOM) to validate the security and compliance of both older and new software
against any applicable legislation."