Each year, retailers eagerly look forward to Black Friday, Cyber Monday, and the start of the holiday shopping season. And for good reason, since these few short days account for 20-30% of annual sales. In 2019, the weekend generated $7.4 billion in online sales and consumers spent $11 million per minute at the peak of online activity.
Cybercriminals look forward to the holiday season no less avidly. After all, more transactions mean more opportunities for cyber thievery.
Retailers are a favored target of cybercriminals because they have personal information, including credit card information, for millions of people. That data is a treasure trove that can be readily sold or exploited by hackers.
Supply Chain Vulnerabilities
Retailers, of course, aim to provide as frictionless an experience as possible for their customers, based on the understanding that an easier purchase process makes it more likely that customers will buy – and return to buy more. This often means storing lots of sensitive customer information, including credit card information, to make shopping more convenient. It also increasingly means depending on technology solutions from a growing number of third-party vendors. According to one survey, companies allow 89 vendors, on average, to access their networks.
Supply chain vulnerabilities have led to major data breaches for retailers. Examples include:
- . Cybercriminals made off with credit or debit card information for 40 million accounts in an attack that was routed through the company’s HVAC vendor.
- Home Depot. Accessing the Home Depot network via a third-party vendor, attackers installed malware that enabled them to steal information for 56 million credit/debit card accounts.
- Under Armour. 150 million accounts were compromised by an attack that came through the MyFitnessPal app, which Under Armour had acquired.
- Saks, Lord & Taylor. Five million credit and debit card accounts were compromised by an attack via a cash register system vendor.
According to a report from IBM, the average cost of a data breach in the United States in 2020 was over $8 million. In some cases, such as if the breach results in a violation of European data privacy laws and triggers massive…