Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Retail & eCommerce

With technology supporting ever increasing retail, hospitality, leisure and eCommerce businesses, retailers need to be aware of blind-spots in their online exposure both for their assets and customers. 

Read more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

In the e-Commerce and retail related sectors such as online retailers, leisure, hospitality, data breaches significantly impact brand reputation, and it may lead to legal implications based on the incident and regulations. Ultimately, it leads to a decrease in consumer confidence. Whether it's a requirement for PCI DSS, GDPR, Cyber Essentials or a proactive approach, Defendza have the skillset and extensive experience in this sector.

Defendza's experience shows mid-sized segment of this new wave of online retailers suffering from cultural issues. As revenues are soaring with larger profitability's, it's not the budgets that are an issue but board and management's awareness of cyber risk profile. At this very stage, the importance of cyber security can never be under-estimated. Blind-spots during design, development or deployment phases could post a serious risk to the organisation. 

There are numerous examples online where major dip in profits was noticed in the immediate aftermath of a breach. While malicious actors are gaining momentum in the Tactics, Techniques and Procedures (TTP) utilised during attacks, businesses in this sector must adapt cultural improvements to ensure cyber security keep them on the front foot. 

Challenges - Financial Services Sector

While your business is expanding through soaring revenues, cyber security blind-spots if left uncovered are potential disasters waiting to happen. 

As per the Retail Crime Survey published by The British Retail Consortium, 53% of the reported frauds in the retail sector are facilitated by cyber.

When it comes to breach incidents, Retail and eCommerce are second after the banking and insurance industry. It's important to think beyond conventional tick-in-the-box approach. In case of retailers taking care of their cyber hygiene, many a time supply chain risks could lead to whole chain compromise. Instances in the past include threat actors targeting IT services including hosting service providers, Point of Sale integrators, help-desk companies and IT resellers who deploy new devices.

Key challenges faced by retail and eCommerce security and IT teams including middle management include:

  • Lack of proactive approach towards cyber security to ensure it's an organisation-wide priority
  • Commitment to PCI DSS compliant network/assets only
  • Reliance on managed IT services provider to take care of cyber security
  • Lack of environment, user, role separations such as retail and corporate environment, development environment, user and role separations
  • Non-adherence to Business As Usual validations every year or upon infrastructure refresh, introducing new systems or major code changes

As the threats facing this sector are constantly evolving, there can never be a fixed list of security concerns. Overall, the retail industry is facing a challenging cyber threat landscape.

Online retailer and eCommerce security specialists. Get in touch.
Call Us Now

Are you prepared ?

What systems and controls are in place to mitigate against supply chain attacks?

A supply chain is a chain of dependencies in goods or services. Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system threat. A supply chain can be compromised in various ways, for example, through the exploitation of third-party data stores or software providers.

How do you process and store personal data of your clients?

The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third party data, transactional records are likely to be at a higher risk of data breach than a local high street firm. Therefore, it goes without doubt that secure information storage and processing practices would help minimise the attack surface.

Are you adhering to PCI DSS compliance requirements?

If your business processes card payments, it's legal requirement to adhere to PCI DSS compliance pre-requisites. PCI DSS  encompasses six key objectives that contain set of requirements across multiple controls. More information regarding PCI DSS applicable offerings by Defendza can be found here

Are you providing for Point of Sale systems and environments for thorough assessment?

Before deploying POS implementations at a scale, it's vital that sample implementations are validated by a third party provider for issues such as segregation, encryption measures in use, network traffic analysis for payment data, checks on the tills/retailer systems, and associated cyber security key aspects. 

What systems and controls are in place to decrease insider threats?

Insider threats are counted amongst the most significant cyber-risks in the financial services sector. Businesses tackling this issue regularly validate their controls around logical access controls, spear-phishing, threat intelligence and regular penetration testing. In addition to technical controls, staff awareness and understanding through training helps build security-conscious culture.

Sector Experience

Our experience in the industry comes from the varied consultancy and security assessment based projects conducted for Supermarkets, High Street banks, e-Commerce and online retail customers.

Key benefits

✔ Threat modelling & Code Review

✔ Black Box Security Assessments – Restaurant Point of Sale implementations, grocers internal network, SAP security and mobile applications

✔ Post-breach Assessments for online retailer

✔ Online supermarket retailer including shopping/payment facilities – Oracle e-Business Suite, Oracle Applications, and other bespoke implementations

✔ Cloud based Magento implementation security review for two major retailers

✔ In-Depth Application Security Assessment for multi-million online retailers

Let's discuss your primary security concerns.
Call Us Now

Related Blog

Resources

E-Retailers Need to Prepare For Holiday Spikes

25/07/2019

Akamai report warned that retailers need to be aware of Prime day shopping spikes in traffic in order to prepare for future online sales and the holiday season. With a spike in traffic comes the additional threat of cyber-attacks. The report also found that “nearly 10 billion total bot attacks during the 48 hours of Prime Day is equal to the number of retail-specific bot attacks we detected from May to December 2018. Prime Day was very attractive to threat actors due to the high visibility of Prime Day and the larger number of retailers offering their own promotions.

Financial hacking teams update tactics to haunt banks & retail

14/08/2019

The attack trend, which is sometimes referred to as ‘big game hunting,’ can include the use of a wide range of bespoke malware and commodity ‘crimeware’ malware available for download or purchase from underground forums and marketplaces, including banking Trojans, information stealers, keyloggers and loaders, as per Accenture's 102 page report.