BankThink

A global 'network watch' can thwart holiday payments fraud

In the rush to change how the world shops, countless retail businesses were forced to implement systems more quickly than many were prepared for, leaving them without adequate time to test their solutions before fully deploying them.

Now, at the height of the 2020 holiday buying season, the high-volume transaction environment will be the first big test for many of these new assets.

Over the last year, retail organizations have had to completely reprioritize their operations based on evolving stay-at-home orders and consumer buying behaviors. The solution to staying profitable amid the COVID-19-induced economic downturn was to place online sales as the highest priority, meaning retailers had to speed up digital transformation plans to keep up with the rapid increase in digital transactions.

Bugcrowd recently studied retail’s internet footprint, going beyond just DNS entries and IP addresses to capture the relationships between the 4.5 billion internet-accessible assets. The results indicated the attack surface is rapidly expanding, increasing the motivation for adversaries to strike.

So, are retailers ready?

When solutions are implemented hastily, companies are prone to security mistakes, and the lack of continuous testing creates blind spots. These gaps in coverage, combined with the increase in shopping as we approach the holidays, create the perfect opportunity for bad actors to exploit vulnerabilities and carry out cyberattacks.

While it is true that the retail industry is facing an unprecedented level of cyber risk this season, the situation is not hopeless. One way retail companies can enhance their security posture and bolster consumer confidence is by adopting a “neighborhood watch” approach to security that draws on a global network of researchers who can proactively identify and disclose vulnerabilities before cybercriminals can take advantage of them.

To employ the work of security researchers, retailers should start by establishing a vulnerability disclosure program and ultimately enact a public bug bounty program. These proactive initiatives invite researchers to test retailers’ critical systems and provide feedback on their security, giving retailers a continuous and comprehensive view of their attack surface.

By launching a vulnerability disclosure program and taking steps to progress toward a bug bounty program, retailers can clearly assert that they are doing everything possible to safeguard their customers' security. In turn, consumers can confidently shop knowing that their data is out of harm’s way.
