
Why Small Businesses Are Major Targets for Cyberattacks and How to Defend Against Them

 

Recent research by NordPass and NordStellar, backed by NordVPN, has shed light on small private businesses being prime targets for cybercriminals. After analyzing around 2,000 global data breaches over two years, they found that retail and technology sectors, particularly small companies in the U.S., were highly attractive to hackers.  

Small- and medium-sized businesses (SMBs) are especially vulnerable because of limited cybersecurity resources and a tendency to underestimate their value to attackers. Cybercriminals exploit common weaknesses such as poor password practices, phishing, and malware infections. Even technology firms—often thought to be well-protected—are at risk when human error lets attackers bypass their defenses.

One reason attackers favor small businesses is the prevalence of reused and weak passwords. Many attacks are untargeted; instead, attackers run credential-stuffing or dictionary attacks across broad sets of leaked data. When employee credentials turn up in leaked databases, they provide easy entry points, often resulting in financial and reputational damage that can be catastrophic for smaller firms.
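As an added example, not part of the original post or of the NordPass research, here is defensive detection logic for the untargeted credential-stuffing pattern the paragraph describes, run over constructed login-log lines; the log format, IP addresses and thresholds are assumptions made for the example.

```python
"""Detect credential stuffing in web login logs.

Added example; not code from the article or from NordPass/NordStellar. The
log format is constructed: "<timestamp> <source-ip> <username> OK|FAIL".
Stuffing (leaked credential pairs replayed against many accounts) shows as
many distinct usernames with a high failure rate from one IP; a brute force
shows as one username hammered repeatedly.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 203.0.113.7 alice FAIL
2024-05-01T09:00:02Z 203.0.113.7 bob FAIL
2024-05-01T09:00:02Z 203.0.113.7 carol FAIL
2024-05-01T09:00:03Z 203.0.113.7 dave OK
2024-05-01T09:00:03Z 203.0.113.7 erin FAIL
2024-05-01T09:00:05Z 198.51.100.9 alice FAIL
2024-05-01T09:00:06Z 198.51.100.9 alice FAIL
2024-05-01T09:00:07Z 198.51.100.9 alice FAIL
2024-05-01T09:00:08Z 198.51.100.9 alice FAIL
2024-05-01T09:00:09Z 198.51.100.9 alice FAIL
2024-05-01T09:01:00Z 192.0.2.44 grace OK
this line is truncated and must be skipped
"""


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: Set[str] = field(default_factory=set)
    successes: List[str] = field(default_factory=list)  # usernames that got in


def parse_line(line: str) -> Optional[Tuple[str, str, bool]]:
    """Return (src_ip, username, success), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None  # tolerate garbled lines rather than abort the whole scan
    _ts, src_ip, user, result = parts
    return src_ip, user, result == "OK"


def aggregate(lines: List[str]) -> Dict[str, SourceStats]:
    """Fold the log into per-source-IP counters."""
    stats: Dict[str, SourceStats] = defaultdict(SourceStats)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src_ip, user, ok = parsed
        s = stats[src_ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successes.append(user)
        else:
            s.failures += 1
    return stats


def classify(lines: List[str], min_attempts: int = 5, min_users: int = 4,
             min_fail_ratio: float = 0.6) -> Dict[str, str]:
    """Label each source IP 'stuffing', 'brute_force' or 'normal' (thresholds illustrative)."""
    labels: Dict[str, str] = {}
    for ip, s in aggregate(lines).items():
        noisy = s.attempts >= min_attempts and s.failures / s.attempts >= min_fail_ratio
        if not noisy:
            labels[ip] = "normal"
        elif len(s.users) >= min_users:
            labels[ip] = "stuffing"      # many accounts, one or two guesses each
        else:
            labels[ip] = "brute_force"   # one account, many guesses
    return labels


def accounts_to_reset(lines: List[str]) -> List[str]:
    """Accounts that authenticated from a stuffing source: force a reset."""
    labels = classify(lines)
    return sorted(u for ip, s in aggregate(lines).items()
                  if labels[ip] == "stuffing" for u in s.successes)
```

A successful login inside a stuffing burst is the signal that matters for a small business: that employee's password is reused somewhere that has already leaked.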

To protect against such threats, businesses are advised to adopt several practices. One essential tool is using a Virtual Private Network (VPN), which encrypts internet traffic, safeguarding remote employees who may connect via public Wi-Fi. This encryption layer prevents hackers from intercepting sensitive data, ensuring businesses and employees remain protected in various working environments. 

In addition to VPNs, companies can enhance security by employing password managers, which generate strong, unique passwords. Passwords are often the first line of defense, and using complex ones significantly reduces the risk of unauthorized access. Cybersecurity audits, ideally conducted by third-party experts, also play a vital role. These audits help uncover vulnerabilities and reinforce trust with customers by demonstrating the company’s dedication to data security. 

Employee training is another effective line of defense, as human error is a common cause of data breaches. Many incidents occur when employees fall for phishing scams or fail to follow security best practices. Regular cybersecurity training ensures staff are better equipped to recognize and avoid threats, thereby reducing potential risks. 

By implementing these protective measures, small businesses can better shield themselves from cyber threats. In today’s digital landscape, investing in cybersecurity isn’t just a precaution; it’s essential for the long-term viability of any business, big or small.

Cyber Attack Hits UK's Carpetright, Affecting Customer Orders

 



Carpetright, a prominent flooring retailer in the UK, has fallen victim to a cyber attack, causing disruption to its operations and affecting hundreds of customer orders. Last week, hackers targeted the flooring specialist’s head office in Purfleet, Essex, sending malware in an attempt to gain unauthorised access. As a result, customers have been unable to place orders on the company's website or in any of its 400 shops since last Thursday, when systems were taken offline. A spokesperson for the retailer expressed regret for any inconvenience caused, stating, “We are not aware of any customer or colleague data being impacted by this incident and are currently conducting tests and resetting systems, with investigations ongoing.”

The malware infiltration prompted a response from Carpetright's IT security team, who took the drastic measure of taking the entire network offline to contain the threat and prevent further spread. As a result, essential systems crucial for day-to-day operations, including payroll information and employee booking portals, became inaccessible.

The consequences of the attack extended beyond the company's internal operations, as phone lines remained down, leaving customers unable to reach support. Despite the disruption, company officials assured stakeholders that no customer or colleague data had been compromised.


Rising Threat of Cyber Attacks

The cyber attack on Carpetright comes amid a concerning trend, with recent surveys indicating a sharp increase in cyber attacks targeting British businesses. According to the findings, half of British businesses reported experiencing a cyber attack within the past year, a marked uptick from previous years.


NHS Dumfries and Galloway and British Library Targeted

The incident at Carpetright follows similar cyber attacks on critical institutions, including NHS Dumfries and Galloway and the British Library. Last month, NHS Dumfries and Galloway fell victim to a ransomware attack orchestrated by the INC Ransom group, resulting in the unauthorised access of patient data. The breach raised concerns about patient confidentiality and highlighted the vulnerability of healthcare infrastructure to cyber threats.


In a separate incident, the British Library suffered a major technology outage following a cyber attack by the Rhysida ransomware group. The attack disrupted operations at the renowned research library and underlined the pattern of cyber criminals targeting high-profile institutions.


Challenges Faced by Carpetright

The cyber attack compounds the challenges Carpetright already faces, as the company navigates a downturn in demand and heightened competition. Founded in 1988 by Philip Harris, Carpetright has weathered various storms over the years, including its delisting from the London Stock Exchange in 2019 following its acquisition by Meditor, a British hedge fund.


As Carpetright seeks to recover from the cyber attack and adapt to the unfolding market dynamics, its resilience and ability to innovate will be critical in ensuring its long-term viability amidst ongoing uncertainties, including the cost of living crisis impacting consumer behaviour.


Hyper-Personalization in Retail: Benefits, Challenges, and the Gen-Z Dilemma

Hyper-Personalization in Retail

Customers often embrace hyper-personalization, which is defined by customized product suggestions and AI-powered support. Polls by Marigold, Econsultancy, Rokt, and The Harris Poll reveal that a sizable majority of consumers—including 88% of Gen Zers—view personalized services as positive additions to their online buying experiences.

Adopting hyper-personalization could increase customer engagement and loyalty, and benefit retailers' bottom lines. According to a survey conducted in the United States by Retail Systems Research (RSR) and Coveo, 70% of merchants believe personalized offers will increase sales, indicating a move away from mass market promotions.

Adopting Hyper-Personalization

Hyper-personalization has drawbacks despite its possible advantages, especially in terms of data security and customer privacy issues. Retailers confront the difficult challenge of striking a balance between personalization and respect for privacy rights, as 78% of consumers worldwide show increasing vigilance about their private data.

Privacy and data security issues

Strong data privacy policies are a top priority for retailers seeking to reduce the hazards connected with hyper-personalization. Data clean rooms protect personally identifiable information while still allowing secure data sharing with third parties. By following privacy rules and regulations, retailers can increase consumer confidence and trust.

To take advantage of the opportunities hyper-personalization provides while addressing its drawbacks, retailers should take proactive measures aimed at empowering customers and improving their experiences.

Customers can take control of their communication preferences and the data they share through preference centers. Retailers build trust and openness by allowing customers to participate in the customization process, which ultimately improves customer relations.

Measurement and tracking of customer sentiment are critical elements of effective hyper-personalization campaigns. Retailers should make sure that personalized experiences are well-received by their target audience and strengthen brand loyalty and trust by routinely assessing consumer feedback and satisfaction levels.

In the retail industry, hyper-personalization is a paradigm shift that offers unprecedented opportunities for revenue growth and customer engagement. However, data security, privacy issues, and customer preferences must all be carefully taken into account when implementing it.

In the digital age, businesses can navigate the challenges of hyper-personalization and still provide great customer experiences by putting an emphasis on empowerment, transparency, and ethical data practices.


Morrisons’ ‘Robocop’ Pods Spark Shopper Backlash: Are Customers Feeling Like Criminals?


 

In a bid to enhance security, Morrisons has introduced cutting-edge anti-shoplifting technology at select stores, sparking a divisive response among customers. The high-tech, four-legged pods equipped with a 360-degree array of CCTV cameras are being considered for a nationwide rollout. These cybernetic sentinels monitor shoppers closely, relaying real-time footage to a control room. 

 However, controversy surrounds the pods' unique approach to suspected theft. When triggered, the pods emit a blaring siren at a staggering 120 decibels, equivalent to the noise level of a jackhammer. One shopper drew parallels to the cyborg enforcer from the 1987 sci-fi film RoboCop, expressing dissatisfaction with what they perceive as a robotic substitute for human staff. 

 This move by Morrisons has ignited a conversation about the balance between technology-driven security measures and the human touch in retail environments. Critics argue that the intrusive alarms create an unwelcoming atmosphere for shoppers, questioning the effectiveness of these robotic guardians compared to traditional, human-staffed security. In this ongoing discourse, the retail giant faces a challenge in finding the equilibrium between leveraging advanced technology and maintaining a customer-friendly shopping experience. 

 Warwickshire resident Mark Powlett expressed his dissatisfaction with Morrisons' new security measure, stating that the robotic "Robocop" surveillance felt unwelcoming. He highlighted the challenge of finding staff as the self-service tills were managed by a single person, emphasising the shift toward more automated systems. 

Another shopper, Anna Mac, questioned the futuristic appearance of the surveillance pods, humorously referring to them as something out of a dystopian setting. Some customers argued that the devices essentially function as additional CCTV cameras and suggested that increased security measures were prompted by shoplifting concerns.

Contrastingly, legal expert Daniel ShenSmith, known as the Black Belt Barrister on YouTube, reassures concerned shoppers about Morrisons' surveillance. He clarifies that the Data Protection Act 2018 and UK GDPR mandate secure and limited storage of personal data, usually around 30 days. Shoppers worried about their images can request their data via a Data Subject Access Request, with Morrisons obliged to obscure others in the footage. In his view, the risk to individuals is minimal, providing valuable insights into the privacy safeguards surrounding the new surveillance technology at Morrisons. 

Paddy Lillis, representing the Union of Shop, Distributive and Allied Workers, supports Morrisons' trial of Safer's 'POD S1 Intruder Detector System.' Originally designed for temporary sites, the technology is being tested in supermarkets for the first time. Morrisons aims to decide on nationwide implementation following a Christmas trial. The system is lauded for deterring violence and abuse, and the trial signals a growing trend of adopting advanced security measures to create a safer shopping environment.

Report: Retailers Face Challenges in Coping with Ransomware Attacks

 

In a disconcerting revelation, a recently released report suggests that retailers are finding themselves increasingly outmatched in the ongoing battle against ransomware operators. Conducted by cybersecurity experts Sophos, the survey enlisted the perspectives of 3,000 IT and cybersecurity leaders from small and medium-sized businesses (SMBs) and enterprises worldwide, with a particular focus on 355 respondents hailing from the retail sector. 

The findings are sobering, indicating that a mere 26% of retailers succeeded in stopping a ransomware attack before their data was encrypted. This figure represents a noticeable decline from the preceding year's 28%, and an even starker one from the 34% recorded two years prior.

Chester Wisniewski, the Director of Global Field CTO at Sophos, sounds a cautionary note, deeming the survey a resounding wake-up call for organizations within the retail industry. His message is clear: retailers must urgently fortify their security measures in the face of the escalating ransomware threat.

The report also sheds light on the protracted recovery process faced by victims who opt to meet the ransom demand. Among those who acquiesced, the median recovery cost, excluding the ransom payment itself, surged to four times that of those with a functional backup, reaching a staggering $3 million compared to $750,000. 

Approximately 43% of victims opted to pay the ransom, prompting Wisniewski to caution against shortcuts, underscoring the imperative of rebuilding systems to prevent cybercriminals from reaping the rewards of their malicious activities.

While there is a glimmer of optimism for retailers in the report - the percentage of firms targeted by ransomware threats dropped from 77% to 69% compared to the previous year - the recovery times have taken a hit. The proportion of companies able to recover in less than a day dwindled from 15% to a mere 9%, while those grappling with recovery periods exceeding a month increased from 17% to 21%.

Ransomware, as the report highlights, typically gains entry through the actions of unwitting employees, such as downloading malware or inadvertently providing attackers access to crucial endpoints. 

Consequently, the report underscores the critical importance of comprehensive employee education regarding the perils of cyberattacks. In addition to fostering employee awareness, safeguarding against ransomware necessitates strategic measures such as regular backups of critical systems and data, coupled with the implementation of robust endpoint protection services. The call to action is clear - retailers must fortify their cybersecurity defenses comprehensively to navigate the evolving threat landscape successfully.

Ways in Which Online Merchants Scam Customers

Ever tried to unsubscribe from an email newsletter you never signed up for, only to find a jumble of text at the bottom of the message—some of it practically greyed out—that makes the 'unsubscribe' link virtually impossible to find? That is a 'dark pattern': a kind of internet design that serves to 'deceive, insinuate, and obfuscate.'

The web has traditionally been rife with shady activities, from viruses to scams. It was not until 2010, however, that Harry Brignull, a UX specialist, began shedding light on the deceptive strategies that even the most well-known brands employ. Brignull coined the moniker 'dark patterns' for these strategies to emphasize how detrimental they can be to the victim's mental and financial health.

According to a Which? poll, 45% of respondents said that dark patterns made them feel tricked or annoyed, and 13% said that they had been persuaded to spend more money than they had intended. According to the U.S. Federal Trade Commission, consumers end up spending 20% more money when ticket prices are not disclosed upfront. Additionally, a website's dark patterns can persuade you to divulge more information than you are comfortable with.

Ways that internet shopping might lure you into splurging:
  • Free delivery minimums
  • Email reassurance
  • Advertisements with retargeting
  • Discounted loyalty programs
  • Discounts for new clients
  • Discounts dependent on subscription
Dark patterns include tricky questions, adding unwanted items to your online shopping cart, and coercing you into disclosing sensitive information. The world's most popular internet retailer, Amazon, is the one deceiving consumers the most. It employs 11 of the 12 identified forms of dark patterns listed above, some of which have sparked inquiries from the FTC and EU regulators. On the other hand, Walmart, probably Amazon's biggest rival, employs just four.

Even though some expenses might be necessary, being aware of the strategies merchants employ to increase your spending will help you avoid falling for them. Businesses that monitor your online activity across multiple websites use that tracking to serve you highly targeted adverts, which is why protecting your connection matters. A VPN encrypts your internet traffic; without such privacy protection, your online activities are susceptible to being recorded and examined by interested parties.


Retail Cybersecurity Threats Analysis

 

Cybercriminals are increasingly focusing their attention on thriving markets and enterprises, and the retail industry is no exception. Retail is a common target for hackers who want to steal both money and client information.

Customers are directly responsible for the success of any retail firm, and every incident that negatively impacts customers will have an impact on the business. Financial stability is a key component of any business's success, and one of the worst effects of cyberattacks is the unpredictability of financial losses. Retailers face unique financial risks, such as the possibility that an attacker will lower the price of expensive items in an online store. If the attack goes undetected and the products are sold and shipped at the reduced price, the retailer loses money on every order.
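The price-lowering scenario above, as an added example that is not code from the article: a checkout that trusts client-submitted prices beside one that recomputes the total from the catalog, plus a review check on catalog edits. The catalog, cart format, SKUs and discount floor are constructed for the example.

```python
"""Server-side price validation for an online checkout.

Added example, not code from the article. The catalog, cart format and
discount floor are constructed. The article's scenario is an attacker
lowering the price of expensive items in an online store; two ways that
happens are a checkout that trusts the price the client submits, and an
unauthorised edit to the catalog itself. checkout_untrusted() is the weak
pattern, checkout_validated() recomputes the total from the catalog, and
review_price_change() flags catalog edits that breach the discount floor.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed catalog: SKU -> (list price, lowest permitted sale price), in pence.
CATALOG: Dict[str, Tuple[int, int]] = {
    "TV-65-OLED": (149_900, 119_900),
    "CABLE-HDMI": (1_299, 600),
}


@dataclass
class CartLine:
    sku: str
    qty: int
    unit_price: int  # pence, exactly as submitted by the client


class PriceTampering(ValueError):
    """Raised when a cart does not match server-side pricing."""


def checkout_untrusted(cart: List[CartLine]) -> int:
    """Weak pattern: the total is whatever the client claims it is."""
    return sum(line.qty * line.unit_price for line in cart)


def checkout_validated(cart: List[CartLine],
                       catalog: Dict[str, Tuple[int, int]] = CATALOG) -> int:
    """Hardened pattern: ignore client prices and recompute from the catalog.

    Rejects unknown SKUs, non-positive quantities and any line whose
    submitted price differs from the list price, so a tampered request is
    refused and logged rather than silently shipped at the wrong price.
    """
    total = 0
    for line in cart:
        if line.sku not in catalog:
            raise PriceTampering(f"unknown SKU {line.sku!r}")
        if line.qty <= 0:
            raise PriceTampering(f"invalid quantity {line.qty} for {line.sku}")
        list_price, _floor = catalog[line.sku]
        if line.unit_price != list_price:
            raise PriceTampering(
                f"{line.sku}: client sent {line.unit_price}, catalog says {list_price}")
        total += line.qty * list_price
    return total


def review_price_change(sku: str, new_price: int,
                        catalog: Dict[str, Tuple[int, int]] = CATALOG) -> str:
    """Classify a proposed catalog price edit as 'ok', 'review' or 'reject'.

    A change below the floor is held for a second approver, so a single
    compromised merchandiser account cannot silently mark a TV down to
    pocket change.
    """
    if sku not in catalog or new_price <= 0:
        return "reject"
    _list_price, floor = catalog[sku]
    return "ok" if new_price >= floor else "review"
```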

Card skimmers, unprotected point-of-sale (PoS) systems, unprotected or public Wi-Fi networks, USB drives and other physical hacking equipment, unprotected Internet of Things (IoT) devices, social engineering, and insider threats are all ways that threat actors can gain access to a company once physically present on its premises.

Threat actors can also compromise vulnerable IoT devices using their default configuration or default credentials. Last but not least, inexperienced staff, social engineering, and insider threats remain further potential entry points for cyber infiltration.

Potential Threats

Unsecured Point-of-Sale (PoS) Systems and Card Skimmers: It is possible to physically plant fake card readers, or 'skimmers,' inside a store to copy or skim card data. These can also be used for other smart cards, such as ID cards, although they are frequently used to steal credit card information. In places with poor security, like ATMs or petrol pumps, legitimate card readers might have skimmer attachments. Skimmers are simple to install and use Bluetooth to send the data they collect.

Public or Insecure Wi-Fi Networks: Rogue networks or access points, which can be attached to a network's wired infrastructure without the administrator's knowledge, create backdoors into a company's systems. They appear to be legitimate Wi-Fi networks, deceiving users into connecting and enabling man-in-the-middle attacks. On a public Wi-Fi network without encryption, attackers can view all file sharing and traffic sent between a user and a server.

Virus-Carrying USB Devices: Once a USB drive is plugged into a target computer, an attacker can use it to deliver and run malware directly on business computers, either manually or automatically. Malicious USB charging stations and cables have also been reported in the past. In one example, a USB charging cable for an electronic cigarette contained a tiny hidden chip loaded with malware.

Untrained Employees, Social Engineering, & Cyberespionage: Threat actors may operate on-site to exploit inexperienced workers and gain access to company systems. Employees are frequently duped into giving up login passwords, account information, or access to company resources through social engineering.

The transition to e-commerce is generally a positive development for retailers. However, this change of direction also poses a threat to e-commerce cybersecurity.


Retail Industry Remains Favorite Target of Cyber Criminals

 

The retail industry has always been a favorite target of cybercriminals. Recent studies have shown a sharp surge in cybersecurity threats against the retail industry, which have become a fundamental business risk for retailers. Studies show that cyber security threats lead to loss of customers and leave customers unsatisfied with the company's services. Following the major data breaches that affected Target, Home Depot, and TJX, retail security threats have become a daily concern for retailers.

Cyber attacks could be a contributing factor in the global supply chain crisis: any disruption could delay shipments and even leave physical and digital store shelves empty throughout the season.

Online retailers have been a primary target of automated bot activity and of DDoS attacks, which spiked 200% in September 2021. Bots can be designed for either benign or malicious activity. A malicious bot is self-propagating malware that infects a host and connects back to a central server (or servers) acting as a command and control (C&C) center for an entire network of compromised devices, or “botnet.” With a botnet, malicious actors can launch broad-based, remotely controlled, flood-type attacks against their victims.

In 2021, monthly bad-bot attacks on retail websites increased by up to 13%, double the previous year's figure. The research found that 57% of cyberattacks targeting eCommerce websites this year were carried out by bad bots.

The study further reported that in 2021 bad bots made up 33% of all cyberattacks on websites across all other organizations. According to the researchers, account takeover remains a major risk for customers who log in to websites holding their sensitive data, including credit card or payment information.

In 2021, online retailers faced a higher share of account-takeover login attempts (32.8%) than the average across all other industries (25.5%). The researchers identify four common retail security threats: refund fraud, IoT vulnerabilities, gift card hacking, and supply chain attacks. They attribute e-commerce becoming a center for cyber threats to the effect of the pandemic.

Retail Industry Suffered the Most from Ransomware Attacks

 

The "Sophos State of Ransomware in Retail 2021" report, recently issued by the security software and hardware vendor Sophos, examines the magnitude and consequences of ransomware attacks on the international retail sector during 2020, a year shaped by the ongoing Covid-19 situation.

Among the primary findings, retail and education were the sectors hit hardest by ransomware in 2020, with 44% of firms affected (compared to 37% across all industry sectors). The total cost of remedying a ransomware attack was estimated at US$1.97 million on average, compared to a cross-sector average of US$1.85 million, taking into account downtime, people's time, device costs, network costs, lost opportunity, ransom payments, and more.

Retailers were highly susceptible to a modest but growing new trend: extortion-only attacks. In such attacks, the ransomware operators do not encrypt data; instead, they threaten to publish stolen information online if ransom demands are not met.

More than half (54%) of retail organizations hit by ransomware stated that the attackers were able to encrypt their data. One-third (32%) of those whose data was encrypted paid the ransom. The average payment was US$147,811 (below the global average of US$170,404). Furthermore, those who paid recovered only two-thirds (67%) of their data on average, leaving a third still inaccessible, and only 9% got all of their encrypted data back.

The relatively large proportion of targets affected by data theft attacks is not wholly unexpected. Service industries such as retail hold data that is often subject to data protection legislation, and threat actors are all too ready to exploit victims' fear of the fallout from a data breach: penalties and harm to brand image, sales, and customer confidence, Wisniewski said.

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data.” Chester Wisniewski, a principal research scientist at Sophos, is quoted in a press release. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.” 

To defend retailers' networks from ransomware and other cyber attacks, the researchers urge IT teams to invest in three key areas: building comprehensive cyber threat defenses; developing security skills among users, especially part-time and temporary personnel, wherever possible; and investing in more robust infrastructure.