Through the retail lens: Cyber vulnerability

Sherri Davidoff explores data breaches, scams and lures in a time when nothing feels “secure”

In the world of cybersecurity, Sherri Davidoff is a threat of a different sort: Even the New York Times considers her a “security badass.” Davidoff is CEO of LMG Security, author of the recent book “Data Breaches: Crisis and Opportunity,” a faculty member at the Pacific Coast Banking School, an instructor for Black Hat, and a GIAC-certified forensic examiner and penetration tester. She received her degree from MIT, and was even the protagonist of the book “Breaking and Entering: The Extraordinary Story of a Hacker Called ‘Alien.’”

What does all this have to do with retail? In the time of COVID-19 in particular, plenty. Here are her thoughts in our ongoing series.

While the pandemic has kept most of us at home, what cybersecurity vulnerabilities has it created, particularly for retail?

Product scams: Retailers are at high risk of becoming victims of product scams. Early on in the pandemic, retailers scrambled to find hand sanitizer, masks, gloves and other protective gear. Cybercriminals falsely advertised these high-demand products using attractive lures in emails, phone calls and websites. Desperate retailers fell victim and sent payment — and never received the promised goods. Similarly, scammers have been advertising air-cleaning services, fake vaccines, fake test kits and other products that are too good to be true. We see new scams every day, as cybercriminals continue to refine their tactics.

Another vulnerability relates to remote work: For back-office staff, working from home enabled retailers to continue some of their operations. However, the shift to remote work introduced many weaknesses, from physical security issues to concerns about hacked home wireless networks. Many retailers scrambled to adopt new cloud software and spin up virtual desktops in the cloud, which also opened new doors for cybercriminals. Today, we are now in the “cleanup” phase — slowly assessing the changes that were made when the quarantine began and working to fix vulnerabilities that were introduced and assess the security impacts of changes.

What do you anticipate are the long-lasting impacts of the pandemic on retail cybersecurity?

Contactless payment systems are dramatically more popular now than before the pandemic. A recent poll by Mastercard showed that almost 80 percent of people worldwide now report using a contactless payment method, such as a digital wallet or tap-and-go credit card. In Q1 2020, the number of contactless transactions worldwide increased over 40 percent compared with the previous quarter. Consumers view contactless payment systems as cleaner than cash, and even eschew signature pads.

This is all good news for merchants. Credit card numbers have always been a liability, and contactless payment systems often go hand-in-hand with tokenization and end-to-end data encryption, two important security features that protect merchants from the risk of costly data breaches. 

Many merchants have also adopted ecommerce systems in order to sell products online during the pandemic, take food orders and facilitate payment. Consumers embrace the convenience of these apps, and they also help customers order and pay while remaining at a safe distance. Once retailers and customers experience the convenience of ecommerce apps, it’s likely that they will be here to stay.

However, ecommerce systems also come with inherent risk, since consumer data is processed by third-party providers, who have been ramping up their own capabilities to meet surging demand.

As some stores prepare to reopen with an emphasis on health-related security, what vulnerabilities does this open for cybercriminals and how must retailers work to mitigate them? 

As stores reopen, demand for protective gear such as masks and hand sanitizer will continue to surge. Retailers should remain wary of potential scams. Cybercriminals are very creative! Always make sure to verify the identity of callers and people that email you before taking action. You can always call a number you already have on file to check. Remember: If an offer seems too good to be true, it probably is! Stay alert, and stay safe.
