E-Commerce Puts Retail Vulnerability Management in Spotlight
The retail sector has its own unique cybersecurity risks, especially given the growing emphasis on online commerce. The trend toward purchasing goods and services on the internet has been going on for years. But the volume of e-commerce has seen a sharp increase since the beginning of the pandemic, when many physical stores were forced to lock down or consumers simply opted to buy online rather than visiting brick-and-mortar locations.
E-commerce Presents Risks that Vulnerability Management Addresses
The growth in e-commerce is expected to continue over the coming years. The global business-to-consumer e-commerce market is projected to reach $7.65 trillion by 2028, expanding at a compound annual growth rate of 10% over the forecast period, according to research firm Research and Markets. In a December 2021 report, the firm noted that increasing disposable income level, escalating use of the internet and smartphones, and an increasing number of online shoppers are expected to drive the market growth. Providers of online goods and service offer various options to their customers, including a vast product portfolio, discounted price rates, convenient payment methods, same-day delivery, and easy return policies.
This has resulted in growing customer preference toward e-commerce platforms, the report said.
E-commerce does present some risks, however, including cybersecurity threats. “The interconnected and instantaneous nature of online payment channels has increased vulnerability towards cybercrime, digital frauds, and other malpractices,” the report said. Among the top threats that could impact online retailers are financial fraud including credit card fraud, phishing, distributed denial-of-service attacks, ransomware and other malware, and the exploitation of known vulnerabilities such as SQL injection and cross-site scripting.
Of course, retailers that operate physical stores are also vulnerable to these threats, as well as others including unsafe applications in the cloud or on mobile devices.
Breaches related to point-of-sale (POS) systems are a big concern for retailers. The threats include unauthorized access to POS applications, malware specifically aimed at POS applications, outages caused by POS systems being unavailable due to breaches, and attacks against POS application backend systems. Retailers, like financial service firms and healthcare institutions, deal with a lot of sensitive customer information including credit card numbers. Anytime retail systems are threatened there’s a danger of exposure of this data, which can cause major problems for companies.
IoT Adoption Also Increases the Retail Attack Surface and Need for Vulnerability Management
Retailers are also among the biggest adopters of the Internet of Things (IoT), and connected devices present an additional set of threats. And like manufacturers, they are heavily reliant on supply chain partners to stay in business, and therefore need to be aware of security risks related to the supply chain.
As with other sectors, software has become a vital component of business processes in retail. It helps support smoother transactions and other interactions with customers and supply chain partners.
At the same time, software vulnerabilities can be the cause of data breaches and other security incidents. That’s why vulnerability management is important to these companies—those that operate predominantly physical stores, those that are mainly online entities, and the growing number of retailers that are a mix of both. If they can identify and fix vulnerabilities early on, they can avoid costly security breaches later.