![\"Retail](\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\")
<\/a><\/p>\n<\/p>\n
It\u2019s no secret that cybercrime is a growing threat to every organization, and retail companies are no exception. In fact, 80% of retailers experienced a cyberattack, according to a 2024 report, and 22% faced as many as 15 attacks. These incidents don\u2019t just result in lost sales: they can significantly damage brand reputation and erode customer trust.<\/p>\n
In particular, peak shopping periods like back-to-school and the holiday season create the perfect environment for cybercriminals to thrive \u2014 and carry out even more attacks. Consumers are busy, distracted and in search of deals, leaving even the most security-savvy shoppers vulnerable to scams that exploit the urgency and excitement associated with those times of the year.<\/p>\n
Cybercriminals are keenly aware of this, and have become experts at using social engineering and playing on cognitive biases to craft ultra-effective attacks \u2014 whether it\u2019s through fake websites, phishing emails or malicious texts \u2014 to trick shoppers into handing over their credentials and other personal information.<\/p>\n
Furthermore, advancements in AI have made it easier and faster than ever to design and execute these scams. Cybercriminals can use generative AI to instantly create convincing product images, write phishing emails in perfect brand voice or even build fictitious customer service chatbots, making it that much harder for shoppers to identify scams.<\/p>\n
But the onus isn\u2019t on shoppers to recognize and thwart these attacks \u2014 it\u2019s the responsibility of retail companies. Here\u2019s how retailers can level up their security strategy to protect both their brand and<\/em> their customers during peak shopping periods.<\/p>\n The biggest threat to retailers isn\u2019t ransomware or shoppers that don\u2019t follow security best practices \u2014 it\u2019s the complexity of the very systems in place to protect them. IBM\u2019s 2025 Cost of a Data Breach Report<\/em> cites security system complexity as a top contributor to increased data breach costs.<\/p>\n Most retailers have adopted a plethora of security point solutions in an attempt to protect themselves and their customers, but they\u2019ve neglected to address how to manage and integrate those solutions. As a result, detecting and containing attacks is more challenging and expensive \u2014 $207,914 more per data breach, per IBM\u2019s report.<\/p>\n Instead of accumulating different security point solutions, retail companies should seek out a security platform that allows for integrations with IT systems so that they can \u201ctalk\u201d between one another to more effectively mitigate risk. A security platform provides the visibility required to spot and connect the dots between suspicious activities, rather than sifting through siloed alerts. This lets retailers contextualize potential threats quickly so they can take action before they escalate.<\/p>\n While technology has evolved dramatically in recent years, most cybercriminals are still using basic techniques to carry out their attacks \u2014 simply because they still work. Therefore, retailers should ramp up their security fundamentals to better protect their brand and customers.<\/p>\n For example, phishing attacks remain a go-to tactic for stealing credentials and other personal information from shoppers. There are multiple ways to catch phishing attacks before, during and even after credentials have been stolen, and the same techniques that have been used for decades still apply today.<\/p>\n Techniques like embedding beacons in website code and monitoring refer logs can clue in retailers on when fake websites are copying or redirecting their content. Additionally, retail companies can register lookalike domains to guide shoppers to their legitimate website, which gives cybercriminals fewer opportunities to exploit shoppers. If credentials are stolen, tools like two-factor authentication (2FA) and multi-factor authentication (MFA), behavioral anomaly detection, location-based validation and even biometrics can block unauthorized access.<\/p>\n If security is burdensome or clunky, shoppers won\u2019t hesitate to go elsewhere. In addition to preventing attacks, retailers need to focus on reducing friction for customers who want to enable stronger security. Ideally, protecting one\u2019s information should be as simple as a single click to opt-in.<\/p>\n Robust authentication methods like 2FA and MFA, passkeys and magic links are crucial for protecting customer information \u2014 especially during peak shopping periods. However, it\u2019s equally important for retailers to make these protections easy to opt-in and use. Otherwise, customers will avoid them in favor of easier, less-secure options.<\/p>\n To encourage adoption, retail companies should provide information on the benefits of opting in to these safeguards and ensure setup is seamless. They can even offer small incentives \u2014 like exclusive discounts or early access to sales \u2014 for customers who opt-in.<\/p>\n Cyberattacks in retail aren\u2019t going anywhere. They\u2019ll only continue to increase in volume, sophistication, and impact. By reducing complexity, doubling down on fundamentals and streamlining security for shoppers, retailers can better protect their business and their customers during peak shopping periods. Retail companies that take action now<\/em> will be well-prepared to keep up with evolving threats and support better business outcomes overall.<\/p>\n Etay Maor is the Chief Security Strategist at <\/em>Cato Networks<\/em>, a founding member of Cato CTRL, and an industry-recognized cybersecurity researcher.\u00a0Prior to joining Cato in 2021, Maor was the Chief Security Officer for IntSights (acquired by Rapid7), where he led strategic cybersecurity research and security services. Maor has also held senior security positions at Trusteer (acquired by IBM), where he created and led breach response training and security research, and RSA Security\u2019s Cyber Threats Research Labs, where he managed malware research and intelligence teams.\u00a0Maor is an adjunct professor at Boston College and is part of the Call for Paper (CFP) committees for the RSA Conference and Qubits Conference. He holds a Master\u2019s degree in Counterterrorism and Cyber-Terrorism and a Bachelor\u2019s degree in Computer Science from IDC Herzliya.<\/em><\/p>\n<\/p><\/div>\nReduce Internal Security Complexity<\/strong><\/h3>\n
Go Back to Security Basics<\/strong><\/h3>\n
Simplify Security for Customers<\/strong><\/h3>\n
\n