Cyber Monday promises big gains to retailers, but only if they are on their guard.
According to the IBM 2015 Cyber Security Intelligence Index, cybersecurity incident rates among retailers and wholesalers climbed from 6.2 percent in 2013 to 9.37 percent in 2014. And although separate IBM data shows that the number of holiday cyberattacks dropped from 2013 to 2014, there’s never a good time to be lax about security.
Major retailers such as Target, Home Depot and Michaels learned that lesson the hard way: In the past few years, all three experienced widely publicized data breaches. The brands not only suffered a loss of customer trust but also took significant financial hits.
The Ponemon Institute’s 2015 Cost of a Data Breach Study found that in 2015, the average cost of a data breach in the retail industry was $165 per lost or stolen record — that’s a 57 percent increase over the previous year, when the cost was only $105 per compromised record.
As Sites Go Down, So Do Profits
According to IBM’s Cyber Security Intelligence Index, data breaches aren’t retailers’ only concern. Denial-of-service incidents — which make target sites unavailable to users — are increasing , and more than half of last year’s incidents were aimed at retailers.
The danger here is that on Cyber Monday, even a brief downtime can spell big losses. The National Retail Federation projects that this year’s holiday shopping season (November and December) will bring in $630.5 billion. Website reliability and uptime are essential to retailers hoping for a piece of that pie.
Building a Better Defense
The IBM index recommends that retailers look beyond firewalls and other intrusion-prevention systems to protect against denial-of-service attacks.
“A managed web defense service can help prevent these attacks by routing traffic away from an organization’s infrastructure during an attack, keeping websites running without disrupting operations,” it states.
Elizabeth Weise of USA Today offers more expert insights regarding retail cybersecurity on top shopping days:
Protecting, testing and guarding systems to ensure there are no infiltrations and that the company's payment system can withstand denial-of-service and other brute-force attacks is crucial, say experts.
"It takes roughly six months to really prepare" for the holiday season online, said Peter Tran of computer security firm RSA.
Security upgrades must be installed, systems tested and monitoring put into place.
In addition, many companies put tech and security teams on retainer, so they can come in at a moment's notice if anything hits. All that takes time.
While the clock’s run out for this year, retailers would do well to extend Cyber Monday security precautions to the whole year — because unlike holiday sales, cybercrime can hit at any time.