Posted: 25th November 2019

The security challenges facing our markets have evolved dramatically since the early days of modern commerce. While defences have kept pace, at least somewhat, the criminal threat has never truly been extinguished.

With the continuing globalisation and digitalisation of retail, opportunities for fraud, theft and cyber-crime will only increase. And as we enter the busiest shopping period of the year, retailers and their customers face increased risk.

There are plenty of Grinches out there looking to steal Christmas and criminals looking to take advantage of the Black Friday rush. 

Is your business doing all it can to protect its customers?

The security arms race

At the turn of the 20th century, banks relied on massive, steel-lined vaults to protect their assets. At the same time, business-owners across the world defended their family stores with firearms and sturdy locks.

As the decades passed, we started to see more advanced, less obvious security measures being adopted. Banks began to use explosive ink packs to mark stolen money while retailers started making use of electronic article surveillance and, more recently, sophisticated smokescreens and ‘SmartWater’.

Financial services firms and retailers have always borne the brunt of theft, robbery and other forms of criminal action. Both sectors provide prime targets for criminals hoping to steal money, information, material and products, and both have had to develop their own defences against these threats.

But it is the financial services sector that has invested the most and made the most unified effort to deter potential attackers. However, we still see plenty of headlines that demonstrate that businesses in this space are far from invulnerable.

With the ever-increasing investment of both money and expertise (as well as the twin drivers of more robust regulation and intense public scrutiny), financial services certainly has the edge over the retail sector. Because of this, criminals have moved along the ‘value chain’ in search of softer targets and easier vulnerabilities to exploit.

Today, this means the retail sector and its customers are in the firing line.

The British Retail Consortium (BRC) acknowledges that the cyber threat to the retail industry is significant and is only growing. In their own crime survey of 2019, the BRC reported that nearly 80% of retailers have seen an increase in the amount of cyber-attacks and cyber breaches since 2018.

At peak commercial times like Christmas and the upcoming Black Friday / Cyber Monday period, cyber criminals have much to gain.

Black-out Friday and Cyber-crime Monday

In recent years, Black Friday, a shopping tradition ported over from the United States, has increased the value and volume of shopping during the festive period. Black Friday, the last Friday of November, is now marked by mad rushes into shops as soon as the roller-shutters open, eager customers racing towards bargains. Billions of pounds will be spent in our high-street stores and online.

Black Friday has also evolved into more of a week-long 'festival of sales' than a single day event, with stores offering enticing offers for a long period of time. According to the British Retail Consortium, Black Friday buying has overtaken the more traditional (in Britain, at least) Boxing Day spending frenzy.

We’ve also seen Cyber Monday become an annual fixture, with many online retailers offering discounts on their products on the Monday following Black Friday.

UK shoppers reportedly spent close to £1.5 billion on online products and services during the Black Friday period of 2018, and that number has only increased year on year.

And as people get caught up in the excitement of purchasing Christmas gifts, and rushing to secure the best deals on Black Friday, criminals and fraudsters will be circling.

Dealing with the ‘Ghosts of Cyber-Crime Past, Present and Future’

Customers and businesses have been reminded, once again, of the great importance of being “fraud-wise”, especially in the lead-up to the Black Friday and Christmas shopping periods.

Only the other day, the Gardaí of the Republic of Ireland and the bank-backed FraudSmart organisation issued an alert, calling on customers to be “extremely cautious” as we move towards the end of 2019. The group make the point that fraudsters are becoming more technologically savvy and operating on a greater scale than ever before, targeting vulnerable customers in particular.

Customers should be on the lookout for unexplained communications from fraudsters pretending to be banks or retailers. They will probably be seeking personal details and security info, perhaps offering a chance to get hold of in-demand products. One tactic employed by such criminals at this time of year is using websites to offer unlawful and unregulated loans, often for an advanced fee.

Businesses should do their part to educate customers on fraud, letting them know, in clear terms, what they could expect from genuine communications. Criminals not only attack the purses of customers and profits of businesses, they also attack and tarnish reputations.

Naturally, e-commerce makes for a juicy target for criminals. Because shopping online requires vast amounts of customers’ personally identifiable information (PII) to be uploaded, a criminal who is able to get their hands on such data can defraud customers, sell information on the 'dark web' and cause severe damage to businesses. Those found to have ‘left the door open’ to criminals, whether inadvertently or not, will pay the price in loss of customer-trust and will see customers leaving in droves for their own security’s sake.

As retailers approach their busiest time of year, we wanted to provide five key recommendations for enhancing your defences and protecting your customers:

  • Make sure that you have the most up to date patches on your e-commerce and IT systems
  • Stress test your system before the busiest periods to understand how they will deal with capacity
  • Practice the 'failover’ system' so that you know you have a resilient system to switch to in the event of an attack
  • Rehearse what you will do in the event of a cyber attack, considering how you will communicate breaches or an incident to markets, customers and industry
  • Consider how you are staffing the busy period, both in store and online

Ensuring your have a very Merry Christmas

Cyber-crime is a growing threat to all businesses and the consumers that trust them.

Christmas, Black Friday and Cyber Monday are the busiest time of year for shoppers and criminals alike. Businesses need to take a strategic and comprehensive view of how they defend themselves. 

Our latest white paper, Cyber Security in the Boardroom, provides an ideal starting point for all those who need to have such important conversations.

Gadhia

Stephen Head and Mike Peckham

Gadhia Consultants

Stephen and Mike, Managing Partners, represent Gadhia Consultants within Huntswood. They provide cyber security assurance to firms across a variety of sectors.