CIOs should know that data breaches do not spare any industry; the retail and e-commerce are no exception. According to the 2018 Thales Data Threat Report, 50 percent of retailers experienced some kind of data breach in the past year.
These breaches are mostly caused by cyber-attacks and third party access into the systems of retail companies, with the payments category being the main target. With the evolution of online shopping and providing card information online, it has become not only easy but popular to access such information and to sell it on the Dark Web.
The global Internet security market is expected to grow from $31.17 billion in 2017 to reach $76.01 billion by 2026 with a CAGR of 10.4 percent.
Retail industry is among the top affected of all industries, with retail and accommodations industries combined ranked No. 2 in breaches, representing 15 percent of the 1,935 breaches last year, according to Verizon’s 2017 Data Breach Investigations Report.
Not surprisingly, the financial impact associated with cyber-attacks is growing. It is found that the average cost of data breach globally is $3.86 million, a 6.4 percent increase from 2017. The costs are heavily impacted by the amount of time spent to contain the data breach, as well as investments in technologies to deal with them.
CIOs are worried about the increase in cost for security protection at retail sector. Research firm Forrester estimates that application whitelisting costs $20 to $50 per endpoint per year, and application integrity protection can be up to $60 per endpoint per year.
In comparison, traditional anti-malware solutions are around $10 to $25 per endpoint per year and can be significantly less for large enterprises, around $5 per endpoint per year, Forrester said.
Meanwhile, reports reveal that 80 – 90 percent of the people that log in to a retailer’s e-commerce site are hackers who use stolen data. Macy’s who faced a minor data breach last year, also went through the same situation.
It was reported that around 753 New Hampshire residents were affected although an exact number was never released. Online shoppers in the website between 26 April and 12 June could have had their personal information and credit card details hacked by a third party.
A data breach can threaten not just customers and their privacy, but also the brand’s image and how it will affect their market. According to a recent KPMG study, 55 percent of consumers surveyed globally have decided against purchasing something online due to privacy concerns.
On 28 June 2018, Adidas announced that a third party claimed to have acquired customer data which includes contact information, usernames and encrypted passwords, from its U.S. website. Although no exact evidence was found, the company has warned US customers about a potential data security incident.
Delta, Sears and Kmart have also reported similar situations concerning the possibility of a data breach between September 26 and October 12 in 2017. The companies claimed that no customer’s data was directly affected and that the breach was merely a malware attack, Delta has offered free credit monitoring, just in case. The companies have also defended the situation with statements that their systems are now secure.
KMart has also taken action against the situation by partnering with federal law enforcement authorities, IT security firms and their banking partner, First City Bank to upgrade its users with new security systems. One of which includes a CardValet, which is a card that can protect customers information from any exposure to fraud or unknown access.
An app to manage these CardValets has also been made available to download, which will provide users with real time alerts when a transaction is attempted, declined or both.
Data breaches in the retail industry have become so popular that many users have become adamant to doing anything about it. The retailers, who never have to worry if they will lose customers, go on making the same mistakes every time.
Bloomberg reported that part of the reason as to why retailers pay very less attention to breaches is because share prices are rarely affected.
In the case of social media however, in particular Facebook’s Data Breach which affected 87 million users, an uprising was seen among the people who were protesting to ban Facebook.
The 2018 Trustwave Global Security Report found breaches affecting the e-commerce sector have expanded to 30 percent, up from 26 percent in 2016. This may be because of increased connections with third-party firms and credit card processors.
This marks a concern to the retail industries which are looking to keep their company secure and minimize the negative impact of a security breach. Enough preparation and ensuring that their software is updated to avoid weak spots for hackers must be considered.
Yadawanka Pala
