Skip to main content

Why is Indian retail prone to cyber threats?

India’s retail and wholesale sectors faced a 22% increase in cyberattacks in 2023. Here’s what’s making us more vulnerable

New Delhi: In April 2021, hacked customer data complete with names and contact numbers related to 180 Domino’s Pizza orders went on sale on the dark web. The number of cyberattacks in India has increased by 15% per week on average in 2023, as per a report by cyber security firm Check Point.

The findings further revealed that the retail and wholesale sectors faced a 22% increase, indicating a change in the attacker’s focus. According to the latest Norton Cybersecurity Insights Report, Indians lose an average of Rs 20,000 when shopping online. Surprisingly, 74% of them are not aware of the next steps to be taken if they are a victim of a shopping scam.

Ransomware attackers are increasingly targeting retail businesses, causing financial losses and disrupting online shopping experiences. Cyber security software company Trend Micro in a study said that attacker surface visibility—possible points or attack vectors from where an unauthorised user can access a system and extract data—is challenging today for several reasons.

These include the lack of the right tools with organisations, opaque supply chains, the sheer size, complexity and distributed nature of modern IT environments and constant technology innovation.

The smaller the attack surface, the easier it is to protect.

What makes India prone to retail cyber threats?

Attacks on data take place due to the complexity of retail operations which include several vulnerable attacker surfaces such as the IT infrastructure, supply chain, evolving technology and payments. “One of the primary reasons is the complex web of IT infrastructure in retail,” said Kartik Shahani, country manager, Tenable India, an exposure management company.

“With many retailers regularly implementing new software as they continue to remain nimble and adaptive to customer needs, cyberattack surfaces have expanded,” added Shahani.

In addition to this, increasing adoption in the digital landscape is also what makes the entire system of data handling fragile and risk-prone.

“The industry becomes a more appealing target for cybercriminals looking to take advantage of weaknesses as it embraces digital transformation. An increased attack surface is produced by the increasing use of data-driven technologies, digital payment mechanisms, and e-commerce,” Ritesh Chopra, India Director, Norton, an antivirus and security software provider said.

E-commerce and digital businesses are more vulnerable to such attacks and this is increasing due to a surge in the adoption of digital shopping and payment modes by consumers.

“E-commerce and D2C companies are fledgling outfits with probably a lesser than optimum focus on cybersecurity (this is not to say that larger firms are any safer but with the relatively better focus on cyber security, they are a trifle better off),” said Siju Narayan, a retail industry practitioner and chief experience officer, Rexemptor Consult LLP. Narayan added that cyber attackers too are leveraging advancements in technology, which is why the quality of intrusions has only gotten better with time.

The weak links in retail cyber threats

Supply chain: An area that is vulnerable to cyber-attacks is the supply chain. Attacks here mainly arise due to the interconnections between a retailer’s network and those of its suppliers or third-party vendors. Any loopholes or lack of security measures from the supplier’s end would result in making the retailer’s network susceptible.

Dependence on multiple suppliers, third-party partners and logistic systems for different tasks makes the data handling more complex.

“Supply chain attacks offer malicious actors the opportunity to maximize their impact by infecting multiple organizations through a single supplier’s network infiltration,” explained Shahani of Tenable India.

Payments: With digital payments becoming standard when shopping online, UPI frauds, and credit card skimming are on the rise. “The range of attacks has grown due to the widespread use of digital payment methods and online purchasing platforms,” said Chopra of Norton.

Why is Indian retail prone to cyber threats?
Representative Image: Pixabay

“Considering the amount of first-party data stored on retail systems, retailers are becoming an easy target of all attackers as their security systems are not up to the mark. The demand for first-party data has increased after the recent deprecation of third-party cookies,” said Vivek Bajpai, co-founder and chief technology officer (CTO), GoKwik.

“Most retail merchants rely on technology provided by some small SMBs or they rely on open-source systems, although the cost of having these systems is very low, patching the vulnerabilities of these systems is usually ignored, as most of the retail companies don’t have enough engineering bandwidth,” added Bajpai.

What Retailers are doing

Retailers adopting digital systems and handling data are constantly working to safeguard their data and systems. Measures include storing data behind a firewall, different encryption protocols, intrusion prevention systems, security operation centres, password management, and updating cybersecurity measures.

Retailers in India have all invested a substantial investment in strengthening the measures. In addition to this, companies are compliant with industry standards like the International Organisation for Standardisation (ISO), Payment Card Industry Data Security Standard (PCI DSS) and others.

They also use cutting-edge technologies like artificial intelligence (AI) and machine learning in fraud detection with specialised algorithms.

However, experts still emphasise that retailers in India need to adopt exposure management to reduce cyber risk effectively. Exposure management provides retailers with complete visibility and context into what attackers see, helping them prioritise remediation efforts so the most critical business assets are protected. Investing more in cybersecurity technologies that focus on prevention, detection, and incident response should also be increased at regular intervals.

More insightful and stimulating conversations on technology trends in retail are expected at the Phygital Retail Convention (PRC) 2024.

The post Why is Indian retail prone to cyber threats? appeared first on India Retailing.



from India Retailing https://ift.tt/pdjmyrC
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

Eagle Labs launches impirica CBD brand

ST. PETERSBURG, Fla. — Eagle Labs has launched impirica, a new brand of CBD intended to eliminate consumer fear, and increase confidence, in trying the exciting new cannabidiol category. Michael Law Although most Americans have now heard about CBD, many are very confused and concerned about product quality. This is inhibiting trial in the category and holding back conversion into sales. In fact, a 2017 study by Johns Hopkins University found that two out of three CBD products on the shelf did not contain the amount of CBD reflected on the label. Furthermore, in 2018 and 2019, the FDA sent notices to a substantial number of CBD manufacturers advising them of serious concerns about product quality or egregious medical claims. The impirica brand looks different than most CBD brands — the brand name itself connotes testing and trust, says Eagle Labs chief commercial officer Michael Law. “It doesn’t use the traditional category colors of browns and greens, and you won’t find a hemp...
68 comments
Read more

Coronavirus Recovery: Canadian Small Businesses Must Focus on Easing Employee, Customer Fears

By M. Tina Dacin and Laura Rees A small business has been  given the green light to reopen amid the COVID-19 pandemic . What does it need to consider for employees and customers? Small business owners are reorganizing physical space to account for continued distancing requirements and rethinking supply chains to deliver products and services in new ways to meet changing demand patterns. But they must not forget the hearts and minds of employees and customers. That doesn’t mean replacing a focus on the bottom line, but it helps address the need for a new set of expectations and ways of communicating in terms of product or service offerings, delivery methods and real-time feedback. Based on our expertise in organizational behaviour and past research we’ve conducted, we provide a set of recommendations to help small businesses thrive in our new COVID-19 economy by looking after the hearts and minds of the people most important to businesses — employees and customers. Fear, Anxi...
1 comment
Read more

World's 1st Pizza Subscription Service Launches in Toronto

general assembly subscription user opening delivery box of pizza. photo: general assembly pizza By Mario Toneguzzi Toronto-based General Assembly Pizza has launched what it describes as the world’s first pizza subscription service as it also plans to aggressively expand its product offering in the near future by opening a new concept in the market. "Since opening our doors in 2017, we have pushed for the best guest-experience possible — that's why our dough is 100 percent naturally leavened, that's why we have a purpose-built 400-square-foot pick-up and delivery area, and that's why we’ve launched a direct-to-consumer subscription-based ecommerce platform,” said Founder & CEO Ali Khan Lalani. “In 2020, providing the best guest experience means General Assembly Pizza has to be more than a restaurant. I'm proud to say that after almost six months of planning, many roadblocks, and countless pivots — all while maintaining our day-to-day restaurant operatio...
1 comment
Read more