Exclusive: Protecting retailers from hackers during holiday season


Share this content


The holiday season is often the busiest time of year for retailers. This year, they must prepare for more than the usual increased demand and supply chain strain. They must also defend against cyberattacks.

In 2013, hackers stole the credit card information of 40 million Target customers in the first three weeks of the holiday season. Cybercrime has only grown since then, skyrocketing in the past two years in particular. As the holidays approach once more, retailers can no longer afford to ignore this trend.

Why retailers are a target

Retail may not be the first industry to come to mind when thinking of cybercrime-prone sectors, but perhaps it should. In 2020, 24% of all cyberattacks targeted retailers. Considering the vast amounts of personal data these businesses store today, this shouldn’t come as a surprise.

Since the boom of e-commerce, the retail sector has grown increasingly data-centric. Many of these companies use AI to personalise recommendations, which relies on collecting vast amounts of user data. If hackers can infiltrate these systems, they could access names, addresses and financial information for millions of customers.

Retailers also make ideal targets because many of them lack proper cybersecurity measures. The industry isn’t used to dealing with cyber threats the way sectors like finance and technology are, so many businesses are unaware of the threats they face.

Why the holiday season increases cyber risks

During the holiday season, retailers become an even more tempting target for cybercriminals. Increased shopping means these businesses have more money and data flowing through their systems. A successful attack at this time would be far more profitable than another time of year.

The FBI and Department of Homeland Security have also noticed an uptick in cybercrime around other holidays. Since workers tend to be out of the office during these times, there’s no one to respond to potential breaches. Consequently, hackers are more likely to succeed when they attack on a holiday.

This holiday season could be especially risky. The National Retail Federation expects record-high holiday spending and cybercrime has seen a troubling rise throughout the COVID-19 pandemic. Retailers must prepare for a wave of cyberattacks to stay safe.

What can retailers do to stay safe?

One of the best ways retailers can protect themselves is by limiting who has access to sensitive customer data. Restricting access privileges will ensure that not all breached employee accounts can jeopardize customers’ information. Similarly, segmenting this data into separate, secured databases will mitigate any potential breaches.

Since hackers prefer to attack on holidays when IT staff are out of the office, retailers should consider automated threat detection. Automated solutions could also help detect malicious code that appears on e-commerce sites like credit card skimmers.

Retailers should also take steps to secure customers’ online shopping accounts. Requiring multi-factor authentication can help secure e-commerce users’ accounts. Customers may use weak passwords, but if logging in also requires a second verification step, breaches will be far less likely.

As Internet of Things (IoT) sensors become increasingly popular among retailers for omnichannel shopping experiences, stores must secure them. Enabling data encryption and hosting these devices on separate networks from sensitive data will stop them from becoming entry points for hackers.

Stay safe this holiday season

The holiday shopping season will likely bring a wave of cybercrime with it. While this is certainly a troubling issue, it’s not one without an answer. If retailers understand what threats they face and take appropriate action, they can keep their workers’ and customers’ data safe.

Cybersecurity is a relatively new concern for the retail industry, but it’s an essential consideration. As hackers keep targeting stores during the holidays, businesses must adopt stronger security measures. Otherwise, data-driven business models may cause more problems than they resolve.

Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.

Receive the latest breaking news straight to your inbox