Christmas Campaigns: Why the Stakes are Higher than Ever for Retailers
Almost as eagerly anticipated as Christmas itself is the slew of high profile retailers’ advertising campaigns that are set to launch right about now. From cute to classy, heart-breaking to annoying – most genres will be covered, and the widest possible range of celebrities will be wheeled out to promote the annual festive shopping frenzy, with brands competing to bag the advertising spots boasting the highest audience reach.
But your favourite stores aren’t the only ones looking to capture as great a share of your spending as possible. The run up to Christmas not only means booming retail revenues, it also presents rich pickings for the Grinch-like hackers targeting UK & Ireland retailers’ online ordering and payment systems, and your credit card data.
No longer the domain of the geeky twenty-something or disgruntled ex-employees with an axe to grind, cybercrime these days is a well-organised and well-funded machine. And with credit card data attracting a buoyant market value on the dark web, particularly for cards issued by triple-A credit referenced Western banks, it’s not hard to see why online retailers during peak period represent a very attractive target market. And why cybercriminals invest so many resources in their attacks…
Using intelligence gleaned as part of the ongoing threat research and consultancy carried out by Cisco’s security experts, we compare the tactics being used by UK & Ireland retailers as part of their Christmas 2016 campaigns with those likely to be used by the cybercriminals who target them:
|Retailer Campaign Tactic:||Cybercriminal Campaign Tactic:|
|Personalised suite of integrated communications – sent via email, text message or social media, highlighting specific products or special offers including discounts and bulk buy incentives to tempt you to spend.||Spear-phishing messages – sent via email and increasingly social media, purportedly (and convincingly) from a retailer you know, sent by hackers who want to steal your credit card and bank account details and password.|
|Digital advertising – across online and social media, inviting you to click on a graphic leading you to an ecommerce site offering an array of attractive goods.||Malvertising – malicious advertisements injected into legitimate online advertising networks and webpages, infecting your device, which can then be controlled remotely and personal data harvested.|
|Customer experience – short response times and multi-channel access to staff with access to detailed tracking information about customer orders.||Guided payment and recovery – underground ‘professionals’ who walk victims of attacks through the process paying and (if they are lucky) restoring their data.|
|Technical support – post-purchase support offered to get customers up and running with complex (often electrical) products to ensure they get the most out of their purchase and reduce rate of returns.||Technical support scams – fraudsters contacting customers purporting to be from technical support and tricking them into disclosing personal and/or financial data, including credit card/bank account details.|
So what can retailers do to protect their systems and – importantly – their customers during this year’s Christmas shopping bonanza? Here’s our hit-list of top tactics to secure retail systems:
- Use predictive analytics to structure data to enable informed, strategic decision-making.
- Protect any and all data around processing of cards – comply fully with PCI DSS.
- Build in security by using your network infrastructure as a security sensor, leveraging critical data a bolt-on managed service will almost certainly miss.
- Identify internal indicators of compromise by analysing outbound traffic.
- Don’t forget about the old favourites – DDoS attacks are still important to the retail industry, particularly at predictable peaks such as Black Friday/Cyber Monday.
For more information on how Cisco helps our retail customers protect themselves from cybersecurity attacks at Christmas and all year, download this overview or visit our Cybersecurity for Retail webpage.