’Tis the Season for Data Breaches: Data Security in the Retail Industry


For retailers around the world, this time of year is a whirlwind. Between coordinating sales and deals, managing a volatile supply chain, and keeping up with increased volume, many retailers have their hands too full to account for something equally important: cyber security.

Many bad actors take advantage of the increase in data handled during the holiday season, such as personal identification information and financial information like credit card numbers. Retailers are a major target for a data breach if they don’t have the proper protections in place.

Since data breaches carry catastrophic consequences for businesses, retailers can’t afford to take any chances when it comes to their data.

The growing need for retailers to secure their data

If your organization has been lucky enough to avoid a data breach so far, that is not to say your luck will continue. Hackers are advancing every day, finding new ways to infiltrate and exploit weak points to gain access to information.

Because of this, the number of data breaches in the United States has skyrocketed from 662 million in 2010 to more than a billion in 2020. And that trajectory is only expected to continue -- it’s estimated that a business will fall victim to a cyber attack every 39 seconds this year.

According to the Ponemon Institute’s Cost of Data Breach Study in 2020, the global average cost of a data breach is $3.86 million, with the cost in the United States at $8.64 million. There are also indirect and long-term impacts, as consumers will likely lose trust in retailers that put their personal information at risk. Together, that spells disaster for retailers who experience a data breach.

Types of breaches and threats to be aware of

The phrase “data breach” is a general umbrella term for a bad actor accessing data sources and obtaining sensitive information. Some of the most common breaches retailers are at risk for include:

  • Ransomware - Gains access to vital data such as customers’ saved credit card information and locks it down until a ransom is paid. Ransomware accounts for almost one quarter of all malware attacks.
  • Malware - Code on hacked websites or files that hijacks computer functions to capture customer data. An average of 4,800 websites a month are compromised with form-jacking code.
  • Phishing - Sending fraudulent emails posing as a retailer in order to steal information.
  • Denial of Service (DoS) - Disrupting a critical service hosted on the internet in an attempt to prevent requests from being fulfilled. While this attack is not a direct breach, it is often used as a tactic to execute a breach.

Any one of these attack types can cause disastrous outcomes for retail businesses, from loss of revenue to loss of consumer trust. Coming back from a data breach takes a lot of time, money, and resources -- far more than it would take to prevent one in the first place.

How to prevent a data breach in retail

There are several best practices retail businesses can follow to decrease their chances of being a victim of a data breach. While some are basic, like implementing MFA, handling and storing payment information through a secure third party, or securing checkout pages with data encryption, there is more that organizations can do to protect both customer and company data.

The first is securing and protecting your customers’ data by following best practices for PCI compliance. This includes segmenting customer data from company data, ensuring customer data is encrypted at all times, and implementing role-based access controls (RBAC). With these measures in place, it is equally important to monitor for incidents and take additional steps to protect against attacks.

Next, Vandis recommends implementing a defense in depth strategy, with layered security. Layered security puts multiple products in place, each protecting against a different type of attack at a different stage of the threat's lifecycle. This strengthens the company’s defense: if one measure fails, another is in place to prevent the intrusion. A full defense in depth strategy incorporates this layered approach across all of an organization’s security measures.

As retailers turn to the cloud to support their digital transformation to improve agility and provide greater services to customers, having an advanced security strategy in place is paramount. Vandis offers deep expertise to help retail businesses implement, connect, and secure scalable cloud infrastructures quickly.

With a proven, turnkey infrastructure design based on Microsoft’s Best Practices and all the optimizations that Azure offers, retail organizations can enter their busiest time of year knowing they are better protected from data breaches than ever before.

Contact us for an assessment of your cloud security strategy and to learn how Vandis’ Azure Infrastructure Quick Start and Vandis’ Hybrid Connectivity Quick Start for Retail can give your business better security in a matter of weeks.