Through the development of new and more advanced malware, cyber criminals are becoming ever more focused on the volume and nature of data held on retailers’ IT systems. The attack on the U.S. retailer Target in late 2013 has led to reports of at least another 40 retailers in 10 different countries also being attacked, potentially losing a vast quantity of customer card information. This is compounded by the recent news that Tesco has lost over 2,000 of its Clubcard account details following a breach in the UK.
It would seem that, despite improvements in data security, the risk to retailers from cyber-attacks isn’t going to be decreasing anytime soon.
Why are Retailers Being so Heavily Targeted?
Retail chains are now leading the way when it comes to collecting and homogenising consumer data, with the average retailer actively collecting a wealth of personal, financial and confidential information. This information, in its raw form, is often as valuable to criminals as it is to the retailers who collect it.
Retailers now hold such vast quantities of valuable information that they can be a one-stop shop for data thieves. The result is an obvious opportunity for cyber-criminals to obtain large quantities of information from a single source.
More Than Just Data Loss
Whilst the theft of data can cause major legal implications for retailers, there are other ways in which cyber criminals are damaging companies such as denial-of-service attack or system downtime.
Bringing down an e-commerce website or point-of-sale system can cost millions in business interruption costs as customers deviate to other retailers, some of which may not return to their previous provider. Denial-of-service attacks (DoS attacks) are now a major weapon in a cyber-criminals arsenal to seriously damage a business’s operations. System down times are not only caused by DoS attacks, but can be the result of malware, hacking or even an operational error or malicious act by an employee.
Managing disruptions in service and legal liability may be the least of your concerns when a suspected breach has been reported. Whilst data forensics has become extremely sophisticated in recent years, these developments have come at a cost. Data storage forensics, network investigation and penetration analysis can result in a huge expense before a breach has even been confirmed.
A strong brand takes a generation to build, but only a moment to destroy.
Customers expect more from a brand than a product or service of consistent quality. A modern consumer entrusts their information; their names, addresses, birthdays, card information and shopping habits—information they would be uncomfortable giving to a stranger. Losing that information, or failing to protect it in a reasonable manner, can do irreparable damage to a brand in the mind of its consumers—which, of course, is all a brand really is.
With the number of commercial cyber-attacks breaking its own record each year, retailers are actively investigating new ways to mitigate their risk and minimise exposure.