This holiday season, cyber threats loom large – here’s how retailers can protect their systems, customers and reputations
The holidays are a critical time for retailers. It’s the season of giving, shopping and festive cheer – but it’s also a peak season for cybercrime. With surging online and in-store transactions, cybercriminals have more opportunities to exploit vulnerabilities, often targeting retailers ill-prepared for the increased traffic and risk.
Recommended Videos
Safeguarding systems and protecting customers have never been more urgent.
Cyberattacks on retailers are becoming alarmingly frequent. VikingCloud’s 2024 Holiday Cyber Threat Survey reveals that 80 per cent of North American retailers experienced a cyberattack in the past year, with more than half reporting increased risks during the holiday season.
From phishing scams to ransomware and spoofed websites, the threats are sophisticated, relentless and expensive. The average cost of a data breach in Canada has reached US$4.66 million, encompassing operational downtime, legal penalties and reputational damage. For retailers, the stakes during the holidays are enormous.
The threats
Among the most common threats, phishing scams stand out. These attacks account for 58 per cent of cyber breaches, according to TechRadar. Fraudulent emails, often disguised as trusted brands, trick employees or customers into divulging sensitive information such as login credentials or credit card details.
Another growing threat is ransomware, which locks businesses out of their systems until a ransom is paid. In 2024, ransomware accounted for 26 per cent of cyber incidents targeting retailers, double the figure from the previous year.
And then there’s the surge in fake websites, which increased by 284 per cent in the months leading up to the holiday season, according to RH-ISAC. These counterfeit sites are designed to deceive customers, stealing their payment information while tarnishing the reputation of legitimate retailers.
Despite these alarming trends, many retailers leave themselves vulnerable by making avoidable mistakes. Weak passwords and delayed system updates are common missteps, providing easy entry points for attackers. Neglecting the security of vendors and supply chain partners is another critical gap. Vendors with third-party access to retail systems can unwittingly expose businesses to risk, underscoring the importance of regular audits and shared security protocols.
Even communication mishaps can compound the problem.
When a breach occurs, transparency is essential. Failing to inform customers promptly can erode trust, often more damaging than the breach itself.
Best practices
So, what can retailers do to protect themselves and their customers during the holidays? The key lies in preparation. Strengthening IT infrastructure is a foundational step. This includes updating all systems with the latest security patches, deploying firewalls and encrypting sensitive data.
Equally important is employee training. Seasonal hires, who are often unfamiliar with cybersecurity protocols, must be educated about phishing scams, password hygiene and secure data handling practices.
Retailers must also focus on protecting customers. Implementing two-factor authentication (2FA) for customer accounts can prevent unauthorized access, while secure payment gateways and encryption reassure shoppers their transactions are safe. Real-time monitoring tools can help detect suspicious activity, allowing businesses to respond swiftly to potential breaches.
Summary
The cost of ignoring these precautions is too high. The holiday season represents an opportunity not only to boost sales but also to build trust with customers by demonstrating a commitment to their safety.
By adopting proactive measures, retailers can navigate the challenges of the season securely, ensuring that the spirit of giving isn’t overshadowed by the cost of cyberattacks.
After all, a secure shopping experience is one of the best gifts retailers can offer their customers this holiday season.
Isaac Wanzama is the CEO of Guardlii
