Essential Tips For Customers and Retailers to Safeguard Against Cyber Threats

In the UAE specifically, the rise in e-commerce is primarily driven by mobile-first habits and one of the world’s highest smartphone penetration rates. Given increases in mobile shopping throughout the UAE and wider Gulf region, cybercriminal networks are increasing operations and targeting consumers by, for example, sending phishing emails or text messages advertising deals that are actually scams tricking consumers into revealing financial data or permitting malware installation on their devices. Consumers are also increasingly exploited through fake shipping invoices, customer surveys, or other misleading communications. Additionally, cybercriminals increasingly call individuals directly and request personal information to verify a nonexistent order.

To steer clear of data theft and other cybercriminal attacks, customers should always remain wary of unexpected emails, keep track of their online orders and purchase histories, and never divulge personal information to unverified parties. Simple other steps, such as checking for the padlock icon in the address bar when shopping online, are equally valuable to maintain good online cyber hygiene as the icon indicates that data sent to the website, including payment card information, is protected in transit, thus minimizing the risk of interception or loss.

When it comes to retailers, physical point-of-sale (POS) terminals, poorly maintained websites, and unsecured e-commerce platforms are all perennial weak spots. All three are lucrative entry points for cybercriminals, who are not only after financial data but also customer information including purchasing habits or personally identifiable information such as payment card numbers, which can be sold on Dark Web forums. Third party suppliers also pose a risk given that retailers often have poor visibility into their security practices. For example, if a security-hardened retailer works with a third-party supplier with poor security hygiene, attackers can gain access to the retailer by targeting and infiltrating the supplier. Since the supplier enjoys trusted access to the retailer, attackers can exploit that trust – leaving even cyber-secure retailers vulnerable.

Retailers should also be wary of using outdated software to safeguard against criminal activity as it poses a threat to the security of payment systems and customer data. Technology vendors publish updates that address flaws and vulnerabilities on an ongoing basis, so the most important thing a retailer can do, aside from purchasing the right technology, is to properly care for it through a regularly scheduled patch management and update process.

The lucrative nature of cryptocurrency mining is another key threat as cybercriminals exploit vulnerable computer systems and networks in the Middle East using malware to mine cryptocurrencies. According to Symantec, the skyrocketing and volatile prices for cryptocurrencies in the last quarter of 2017 spurred a significant increase in infection rates. These so-called “cryptojackers” compromise websites for popular brands, uploading malicious script that infects the web browsers of unsuspecting visitors. When customers visit infected websites using insecure means, the malicious script begins siphoning computing power to mine cryptocurrencies.

While not a conventional cyber threat, due to social media, brands must be mindful of malicious entities or even employees attempting to disrupt their online presence as online presence is a primary driver of revenue, brand recognition and traffic for online and physical stores. Retailers need to monitor online discussions about their brands as it is simple for malicious actors to conduct negative campaigns that quickly go viral. Likewise, rogue employees can hijack social media accounts and publish offensive or false information, causing reputational damage. Indeed, an insider or motivated social media manipulator can inflict damage on par with or exceeding a malware-based attack.

In the long run, it is easier to anticipate and prevent a cyber incident than clean one up. In this regard, the services of a managed security services provider (MSSP) are invaluable. MSSPs provide a range of security services to keep businesses online including denial-of-service protection, reputation monitoring, threat forecasting, and incident response. Equally important, entities must also stress test their plans, policies and staff through exercises and simulated crises. This added layer of preparation is critical to equipping and training staff across the retail lifecycle, from cashiers to C-suite executives, to respond effectively when a cyber attack occurs. Ultimately, while cyber attacks are only a matter of time, steps like these can ensure that retailers are prepared.