As Black Friday and Cyber Monday edge closer, retailer need to tread cautiously in terms of cybersecurity. Just as consumers are in the insights of rogue actors and at risk from fraud, so too are businesses.
This is the warning that comes from Tom Callahan, Director of Operations, MDR, at PDI Software.
Callahan explains to Digital Journal that cybersecurity is equally as a big a risk to shopping over the Holiday period as the supply issues that are making the headlines. The biggest challenge is in the form of ransomware and its variants. This is to the extent that ransomware remains the fastest-growing category of cybercrime, occurring globally every 11 seconds.
Callahan notes: “Leading up to Black Friday and Cyber Monday, consumers have been hearing about potential issues with retail and delivery supply chains. Although there are a lot of reasons why certain products might not be on store shelves or deliveries might be delayed, one reason we can’t overlook is cybersecurity.”
The modern world and increased globalization provides an explanation as to why these vulnerabilities occur and for how quickly they can spread from business unit to business unit.
Callahan states in relation this conundrum: “Because the retail supply chain is increasingly digital and interconnected, the entire chain can quickly be impacted by a single cyberattack on one company along the chain. For instance, we’re now seeing what used to be simply ransomware attacks turning into extortionware attacks.”
Extortionware is the latest stage in the evolution of ransomware. According to Emisoft: “No longer content with simply encrypting a victim’s files, threat actors are increasingly using ransomware incidents as an opportunity to steal huge swathes of sensitive data, which is then used as leverage in high-stakes extortion attempts.”
Callahan looks further at the ransomware problem, noting that to some not paying is a good policy as it discourages the groups behind the attack. However, this also gives the rogue actors a rich stream of data to plunder. Callahan says: “If a business gets breached and decides not to pay the ransom to get their data back, cybercriminals are now using that data to extort not only the business, but the customers and partners of that business as well. As a result, the blast radius of a cyberattack can escalate very quickly across a wide footprint. That has the potential to completely disrupt the retail supply chain.”
So, what is to be done? Callahan recommends: “To guard against that, companies need to follow their established security best practices and maintain vigilance.”
However, business must “Also be wary of how interwoven their supply chains are. They must be able to protect sensitive data and maintain secure access points as they interact with other businesses through the cloud.”
