Since social distancing and stay-at-home orders were put in place, most major retailers have had to pivot nearly entirely to e-commerce, presenting new opportunities for cybercriminals to disrupt services and steal data. Ransomware attacks have risen by 148 percent since the pandemic started to impact the United States. Every sector is at risk, so it’s especially crucial for retailers to have their cyber defenses ready.
Furthermore, in a recent survey of 2,000 consumers conducted by Arcserve, respondents shared they’re increasingly less tolerant toward ransomware-related outages, and have no problem taking their business elsewhere after experiencing any disruptions. With so much uncertainty around the stability of the economy right now, retailers simply cannot gamble with consumer trust by being offline for too long or by inadequately protecting customers' personally identifiable information (PII).
Consumers Have Long-Lasting Memories, and Aren’t Afraid to Walk Away
The research also found that consumers won’t trust brands that have fallen victim to attacks. Sixty percent would avoid purchasing from a business that suffered just one cyberattack in the past year. This shows that cyberattacks — like the recent one on Macy’s — leave lasting impressions that can have a devastating impact on customer retention and loyalty.
Worse, 45 percent of consumers say they’ve shared their negative cyberattack-related experiences with family, friends and colleagues. In the age of Yelp, businesses are entirely at the mercy of customer opinions. As these attacks continue to worsen and threaten consumer privacy, people are paying closer attention to the security and accessibility of their data. If their data is compromised or inaccessible as a result of a cyberattack, they’re going to spread bad reviews and take their business to a direct competitor, killing growth and putting a dent in revenue.
Keeping Data Safe Improves Loyalty and Generates ROI
However, if you can show customers you can reliably protect PII, it will pay off in the long run. Over 40 percent of consumers said they would be willing to pay more for products and services from businesses they perceived as being secure. This serves as a crucial reminder for retailers to stay ahead of emerging threats by assessing if their current cybersecurity protocols are doing enough to keep customer data safe.
To do this, retail IT teams should start by conducting a risk assessment of the current threat landscape to help inform their business continuity and disaster recovery (BCDR) plan. From there, those plans must be well-tested and communicated across the organization, so when an attack does occur, employees are aware of their roles in remediation, and know where critical data and systems live. Additionally, retailers should consider choosing service providers and vendors that offer integrated cybersecurity and data protection. Integrated solutions can help reduce the risk of security gaps that can arise from misconfigured software and can help retailers easily deploy a multilayered approach to ransomware readiness.
As stores start to reopen, and technologies like contactless payments or delivery/pickup services are introduced, it will be equally as important to keep up the proactive defense against ransomware. When new systems or technologies are rolled out, there’s always potential for security gaps that can be easily exploited by an opportunistic cybercriminal.
The bottom line is that retailers need to prioritize cybersecurity if they want to gain and maintain consumer trust. Consumers need assurance that their PII is in the right hands, and once they have that, they'll be happy to keep doing business with you.
Oussama El-Hilali is chief technology officer of Arcserve. For more than 30 years, Arcserve has been a catalyst for IT transformation by redefining how organizations all over the world protect their priceless digital assets.
Related story: 4 Ways to Make Your E-Commerce Site More Secure
Oussama El-Hilali is CTO of Arcserve. For more than 30 years, Arcserve has been a catalyst for IT transformation by redefining how organizations all over the world protect their priceless digital assets.