Skip to main content

The real threat to the retail industry over the Festive season

Cyber Monday madness is upon us, with retailers announcing extravagant sales and promising price drops in an attempt to draw consumers to buy their products. Not only can this be one of the most profitable times for the retail industry, but it’s also an excellent way to attract new customers – so it’s vital to get it right.

Retailers are constantly upping the ante of their marketing, advertising and branding efforts at this time of year, even building online sites and mobile commerce apps to make the shopping experience easy and accessible from the palm of the consumer's hands. However they are overlooking a serious issue — the mobile security risk in their own business.

Is mobile security a big deal?

Just a few weeks ago, a distributed denial of service (DDoS) attack took down a series of huge sites, including Twitter, Reddit and Spotify. While the hackers are yet to be identified, the root of the attack is clear: an IoT device that had 12 million installations worldwide.

With almost 2 billion smartphones in the world, just imagine the impact if only a fraction of these devices were to be used in a similar type of attack that affected your e-commerce website. The negative impact on revenue would be catastrophic, especially during Black Friday and Cyber Monday when consumers are flocking to retail websites and mobile apps to purchase goods.

In fact, of the £6.7bn that’s predicted to be spent during Black Friday, half will be purchased through mobile devices — so if a hacker crashes your mobile commerce app, you can expect some serious damage to a company's profits.

The threat is real and closer than you think

The thing with the mobile threat is that it’s not just in the hands of hackers or consumers somewhere outside of your business. It is actually in the hands of your employees, right now. Most companies, especially retailers, are highly concerned with cybersecurity in general — just consider how much the average retailer or enterprise invests in anti-virus solutions for desktops and laptops. Yet mobiles are often overlooked, making them the most vulnerable and easiest point of entry for cyber criminals. This is a huge risk.

Mobile devices, especially modern smartphones, contain a wealth of data, and with more and more employees using their mobiles to access corporate data, they hold the power to take down a business in the palm of their hands. In fact, our recent report on the mobile risk in the retail industry reveals a 75 per cent year-over-year increase in mobile malware rates in 2014 alone. The mobile threat landscape is pervasive and growing in complexity, and the retail industry must act fast to mitigate against this threat, especially since the number of mobile devices connecting to the corporate networks of major retailers was revealed to have had significant exposure to app-based threats.

The report, from Lookout, revealed that there were as many as 28 serious mobile threat encounters per 1,000 devices per year. Among these, it is the trojan, root enabler and spyware encounters - at 8, 13 and 4 encounters per 1,000 mobile devices, respectively - that are most concerning. All are app-based threats that exfiltrate sensitive device data and/or compromise device security. A trojan can, among other things, turn a device into a botnet, much like that which took down Dyn DNS; a root enabler can grant an attacker superuser privilege to the device, putting any data the device accesses at risk; and spyware is often invisible to the end-user, with escalated privileges that allow it to collect sensitive data such as the contents of SMS and telephone communications.

In addition to this, many of the devices connected to the corporate network were using an outdated operating system, both on iOS and Android, which can have serious security vulnerabilities.

The exposure to these serious threats by the mobile devices associated with the networks of major global retailers should act as a stark reminder to companies who believe that mobile devices do not pose a risk - because it’s clear they do. Employees don’t take their laptops everywhere with them, however many would go as far as sleeping with their mobile phone at arm's length.

Take precautions instead of having to react

The retail industry must think carefully about a serious security strategy that takes into consideration mobile devices. Recent reports highlight the need to move online, with fewer consumers hitting the streets to purchase goods, however as retailers work on their online strategy, cybercriminals are also becoming more sophisticated in their hacks as the market grows.

Therefore it is imperative that part of a company's online strategy includes investing in the relevant mobile security solutions and educating employees on the risks of mobile security.

Staying alert to possible mobile threats will help shore up your defenses against hackers looking to infiltrate your business or bring it down during one of the most potentially profitable times, such as Cyber Monday.

G-J Schenk, Vice President International at Lookout

Image source: Shutterstock/Olesia Bilkei