This Black Friday, retailers need to think carefully about how they can keep their platforms, and their customers, secure.
Black Friday 2020 promises to be like no other we’ve experienced before. With varying lockdown measures in place across the UK, most high streets will be empty on the most profitable shopping day of the year. Instead, Covid-19 is forcing the masses to turn to their laptops and mobiles for eye-watering deals for the festive season curtain-opener.
According to Wunderman Thompson Commerce, the UK’s Black Friday spending is expected to reach £5.5bn – and the vast majority of that spend will be generated from online sales. For retail, this means sky-high levels of web traffic and a significant surge in revenue to begin the festive period. However, it also creates a potential gold mine for hackers, who will no doubt be looking to take advantage of retailers who haven’t created an airtight security system for their online platforms.
The cloud is expected to play a pivotal role in helping retailers both host thousands of shoppers online and keep their security in check. With that in mind, Help Net Security has spoken with industry experts offering advice on how retailers can leverage cloud technology to avoid a Black Friday disaster.
Flexibility between CSPs to avoid external vulnerabilities
As retailers prioritise delivering a seamless online experience over security, Gijsbert Janssen van Doorn, Director Technical Marketing at Zerto, explains that if he were in a hacker’s shoes, he would target cloud service providers (CSPs), rather than specific retailers.
“What many might not realise is that attackers may target the CSP, rather than the retailer itself. Take Amazon Web Services (AWS) for example. AWS provides users with the platform, it provides the security and it even provides a guide to security configuration. However, one size doesn’t fit all, so it leaves the configuration itself up to the user.
“A misconfigured AWS setup leaves an open door to any malicious actor, and once the firewall is breached a hacker can gain access to anything they want.”
However, all hope is not lost, and mitigating attacks on a CSP is actually quite simple, according to van Doorn: “Other than configuring their CSP setups correctly, retailers can put themselves in a position where they can freely move between different CSPs.”
Many organisations are dependent on various cloud use cases. These typically have different requirements for different kinds of applications, so a multi-cloud IT strategy isn’t uncommon. If a retailer can leverage the right tool with platform-agnostic capabilities, it enables seamless mobility within their multi-cloud strategy.
“Should their CSP get exploited, this mobility allows them to quickly move to another cloud – which is protected – and ensure that their sites continue to be operational throughout such a busy day.”
Build your cloud security from the ground up
As the pace of digital transformation continues to gather momentum, Raif Mehmet, VP EMEA for Bitglass, agrees that one size doesn’t fit all, and a bespoke cloud presence tailored to each individual retailer is essential ahead of Black Friday.
“Retailers are embracing agile, cloud-based solutions to help them stay competitive. These include customer-facing systems for point of sale and digital signage to CRM, and other back-office applications for accounting and inventory management. And of course, for retailers in particular, the need to maintain PCI-DSS compliance across your SaaS, IaaS, and web services, is critical.
“Informed security teams are increasingly aware that the approach to security for the cloud needs to be built from the ground up rather than bolted on to legacy solutions and strategies that were designed for a world that’s now well in the past.
“Key to this is understanding how cloud services and websites are being used in their environments, and deploying solutions that enforce real-time access control, encrypt sensitive data at rest, and manage the sharing of data with external parties. As well as restricting risky activities and preventing breaches, this will protect against the loss of yours and my sensitive – and private – information.”
Use the latest technology to avoid latency issues
The latency of legacy infrastructure just won’t cut it in today’s always-on world. IT teams should be utilising the latest and greatest in cloud technology to ensure they can deliver the best service and ensure sensitive customer data remains secure. Jonathan Wright, Retail Industry Director at Six Degrees, explained: “Your website’s uptime, performance and security are essential elements of the user experience you deliver.
“Cybercriminals are gearing up to target your ecommerce website. The retail industry has been one of the most targeted sectors for cyber-attacks in 2020 and that’s because data is the new currency for cybercriminals. No longer is it just about money and goods, the real value lies in customers’ personal data; easily stolen and easily sold online.
“The first step in preparations is to ensure the uptime, performance and security of your ecommerce website. This will enhance user experience and maximise conversions whilst minimising the risk to your business and your consumers from cyber-attack.”
Leverage cloud for both cyber and on-site security
While online sales will be under the spotlight for most retailers, those on-premise shops that remain open will not only need laser focus on their cybersecurity, but on-site security too, according to Rishi Lodhia, Managing Director EMEA at Eagle Eye Networks.
“Behind the Black Friday fun and Cyber Monday super-sized deals, lies the unsavoury truth that theft and fraudulent purchases are one of the biggest issues retailers face. In fact, the British Retail Consortium (BRC) estimates this amounts to over £1 billion a year.
“In addition to merchandising security, smart inventory management tools and other things like anti-theft signage, video surveillance is the single best way to prevent theft, enabling retailers to keep an eye on multi-store locations. If the worst does occur, today’s cloud-based video surveillance platforms have the capability to quickly pinpoint when an incident or theft occurred and share video evidence with the appropriate authorities. Unlike situations where authorities have to visit a store and download the images with a USB stick, the images can be shared easily and remotely by email or WhatsApp.”
Sometimes Black Friday deals feel like a steal in themselves. However, as we sit and wait in anticipation for this year’s event, retailers who have implemented the right precautions ahead of November 27 can rest assured. The cloud can provide not only a secure environment for online platforms, but for on-site premises too – all monitored from one remote location.