Skip to main content

Overcoming retail security challenges with the cloud

(Image credit: Shutterstock / issaro prakalung)

The last 12 months have left retailers little choice but to embrace digital transformation. Consecutive lockdowns have meant that online shopping has become the norm for many consumers. This shift to online shopping is expected to last long-term, with almost half of UK consumers (47 percent) recently claiming that they will not go back to their pre-pandemic levels of in-store shopping. For many retailers, this means attempting to deliver innovative new ways of digitally engaging their customers, with migrating to the cloud being the starting point. 

Retailers who migrate to the cloud have been rewarded with higher revenue and the ability to adapt to their customers' needs. However, with reward there comes risk, and the move to online shopping has led to a number of significant security challenges for retailers. 

The increase in online shopping means that retailers are now storing more readily available customer data than ever before, making them a clear target for hackers. In fact, in the year leading up to November 2020, over 400 million customer records were stolen from retailers. The majority of attacks are designed to try and make financial gain at the expense of the retailer, however there are also attacks that aim to cause website interruption or downtime. 

As retailers ride the wave of opportunity, they must navigate the storm of these potential threats. The question then becomes, how do they fully prepare themselves?

The threat

The threat to retailers from cyber-attacks is real and costly. Penetration tests – where a cybersecurity team performs a controlled hack on a business network to expose its flaws – have shown that 38 percent of small and 49 percent of large businesses are susceptible to high-risk threats on their whole network. This leaves thousands of companies open to breaches, theft and fraud.

This threat is often compounded by retailers utilizing a disorganized patchwork of storage infrastructure. Research from the IDC found that 90 percent of organizations would be using a mixture of multiple different cloud and local storage solutions in the next year. This mixture of services leaves businesses and IT security in the dark when it comes to potential threats on the network. 

A breach can happen in one area and by the time the specialists have located and dealt with it, the damage is done, and the data has been stolen. With the average cost of a serious data breach estimated at $150 million in 2020, retail businesses need to make sure they are storing their precious information in one secure cloud space with a reputable company that can safely manage and protect their customers’ data.

The biggest culprits

One of the most common forms of attack vectors used to target retailers are distributed denial of service (DDoS) attacks. These attacks flood e-commerce sites with bogus traffic with the aim of causing the site to crash. With downtime meaning losses in revenue for retailers, the hacker then extorts money from the brand in the hope a desperate retailer will pay them to get the site back up and running. In fact, research has revealed that between February and October 2020, DDoS attacks targeting retailers across Europe had quadrupled on the same period the year before. 

As with many other industry sectors, human error is also a leading cause of data breaches. A staggering 95 percent of data breaches in retail businesses are caused by human error, usually from employees themselves. Employees can open a phishing link and download malware onto their devices that potentially compromise the whole network’s security. As well as that, poorly set up cloud storage services, complicated controls and an over-reliance on public cloud all leave company data wide-open for hackers.  

Faulty processes can also be exploited to steal company and customer data. Setting up a cloud server is complicated and, if done incorrectly by inexperienced or lazy vendors, it can lead to potentially disastrous security failures. In 2018, U.S bank Capital One Corp. lost 100 million people’s details when a hacker was able to create software to identify the business customers of a cloud storage company with weak firewalls. The loss of banking details and social security numbers left Capital One with a £61.3m fine from US regulators and the broken trust of millions of consumers. 

What can a good cloud provider offer?

Retailers who have migrated to the cloud over the last few years have been rewarded with higher revenues and enhanced customer experiences. As the pandemic pushes more customers online businesses must follow them or risk closure in the ‘new normal’.

However, as we’ve seen above, the difference between a good and bad cloud provider can be the difference between success and failure when it comes to migrating retail data to the cloud. Security must be at the forefront of every retailer's mind when they are choosing a service provider. A reputable cloud partner will be able to work seamlessly with your company’s existing IT specialists to set up your cloud storage in a secure, accessible and transparent way. They will have the solutions and dedicated expertise to defend against attack vectors such as DDoS. 

As well as centralizing and securing business data in one easy-to-manage system, a reliable cloud partner performs a series of effective security operations to make sure that malevolent actors can’t access customer data. Automated systems on secure, private cloud servers solve many of the human error issues. By automating you also remove dangerous interactions with the server and separating company data from the public internet gives it fewer contact points to exploit. 

Now more than ever, retailers are looking to re-architect their survival by migrating to the cloud. However, confused storage infrastructure, careless employees and choosing the wrong cloud provider can at best make your migration to the cloud difficult, and at worst leave your data open to theft and ransom. 

It is imperative that retailers pick reputable, experienced and transparent cloud providers to avoid the pitfalls outlined here. By picking a good cloud solutions expert, retailers can exploit the benefits of cloud storage whilst their precious data remains safe and protected.

Felix Shalom, Retail Consultant, HeleCloud

Felix Shalom is an Account Manager at HeleCloud - a dedicated AWS cloud service provider.