The dust might have settled on the Black Friday weekend, but the hard work has just begun for retailers across the globe. Some make more than a third of their annual revenue in the busy shopping period that roughly begins during Thanksgiving and ends in the early January sales. And as inflation continues to depress consumer demand, most will want to squeeze as many sales as possible from shoppers.
But where there’s money and consumers, there’s also data and digital thieves. That’s why organizations can’t afford to take their eye off the ball this Christmas. A cyber-secure business is one built on strong data protection.
The threat before Christmas
US consumers alone spent over $9bn on Black Friday weekend in 2022 and this year could be even more successful. The National Retail Federation estimates that total retail sales could top $960bn for November and December 2023. In the UK, the surge in sales may be slightly more muted at 3.4%, but as Europe’s largest e-commerce market they will still top £109bn (£137bn).
But the busy shopping season is also a magnet for threat actors. They bombard shoppers with phishing emails and texts, and scam websites. They use stolen data in an attempt to defraud retailers. And they may also look to take advantage of distracted IT teams to target back-end data stores. That’s because, at the busiest time of the year, the primary goal for most retailers is understandably to make as much revenue as possible. That means the focus is often more on website/app availability than on security. It’s why many retailers reduce fraud checks to wave through more orders. Tech experts may also be pulled from traditional roles to support this push.
That may be a false economy if it leads to a serious data breach. An incident could lead to:
- Reputational damage leading to lost sales
- Operational outages (and lost sales) as resources are diverted from other areas to deal with the aftermath of a breach
- Regulatory fines stemming from data exposure
- Digital transformation projects put on hold during incident investigation
Building security from the ground up
As more retailers invest in digital infrastructure to drive online sales, they mustn’t forget the other side of the coin: cybersecurity. A recent study found that a quarter (28%) of e-commerce web apps lack a web application firewall (WAF), including 24% of apps that collect personally identifiable information (PII). Half are riddled with vulnerabilities, while 2% of these apps still lack HTTPS.
That could provide a readymade pathway for threat actors to reach valuable customer data. Yet no matter how well retailers guard their web app and network perimeter infrastructure, a determined attacker will always find a way through. That’s why the focus for security strategy should be the data itself.
comforte’s Data Security Platform delivers:
- AI-assisted data discovery to continuously find and then classify all sensitive data in the enterprise, including across multiple cloud environments
- Multiple protection methods for pseudonymization and anonymization, while preserving data utility for processing and analytics
- The ability to protect cardholder data with strong cryptography during transmission over open, public networks
- Access control and authentication capabilities to restrict access to cardholder data to only authorized personnel
Protecting sensitive customer PII and card data at source means that, even if threat actors manage to breach enterprise cyber-defenses, that data will be effectively useless to them. With comforte, retailers have the peace of mind not only that their data is secure, but also that they can achieve compliance with GDPR and PCI DSS.