While consumers are gearing up to shell out on holiday gifts, they’re also wary of cyber predators during the busiest shopping season of the year.
According to a 528-person survey conducted by the Cyber Readiness Institute (CRI), which provides tools and policies to mitigate cyber security risks, nearly two-thirds of consumers think small businesses should provide the same protections against online threats as large retailers.
But for many of those surveyed, expectations don’t line up with reality. Only one-third (33 percent) of shoppers have confidence that small businesses are able to protect their security and privacy as effectively as large retailers.
Consumer confidence is even lower for small businesses that have been hacked in the past. Nearly half (45 percent) of respondents said they would be less likely to shop at a retailer that had experienced a breach in security, and almost one-third (31 percent) said they would never shop at a retailer that had been compromised.
“Security sophistication depends on a number of factors. Overall, the larger the retailer, the better the cyber security protections they’ll have in place,” said Chris Hickman, chief security officer at Keyfactor, a digital security technology firm.
“Medium and small-sized retailers struggle the most—implementing proper security can be overwhelming and costly on a smaller scale. Equally concerning is the fact that they overwhelmingly lack the detection methods to know an attack is happening or has happened,” he added.
Retailers are a frequent target for cyber-attacks because they have more access points than any other industry, Hickman said. And despite the security investments retailers of all sizes have made, “many still operate with inadequate or legacy infrastructure on their network, like unpatched systems, weak passwords and network security,” he added.
While the Payment Card Industry Security Standards Council (PCI) has provided guidance for retailers, Hickman said the industry still has a long way to go in mobilizing effectively against threats.
The issue of cyber security is one that small retailers must face head-on, and fast. Online shopping has proven to be a way of life for many consumers, and that trend shows no signs of slowing. During last year’s holiday shopping season, consumers spent $122 billion online—up more than 17 percent year over year, according to CRI’s report.
That trajectory is on pace to skyrocket over the 2019 holiday season, with the vast majority (87 percent) of consumers saying they plan on making purchases online, and 35 percent saying they plan to shop with a small business over the next two months.
That influx of business could reveal vulnerabilities in retailers’ systems, Hickman said. “Data is data and therefore has value at all times—however many larger retailers will purge customer data systems on a periodic basis, making attacks after busier seasons more likely,” he said.
Consumers have cottoned on to those risks, and they’re prepared to react accordingly. More than half (55 percent) of surveyed shoppers said they had stopped themselves in the middle of making an online purchase due to privacy concerns, CRI data shows.
“Hackers are continually shifting their attack strategies and tactics,” said Hickman. “Beyond point-of-sale compromise, attackers will try to mimic customer behaviors and look for easy access points or potential weak spots like open networks at retailer distribution or store sites.”
Whether large or small, retailers need to look at security holistically, Hickman said. They must adopt policies, technology and security processes “that protect and secure everything from multi-location communications and company-owned computers—anywhere that houses sale and customer data.”
That could mean moving critical systems to the cloud, he said, or investing in specialized tools to manage security across channels. “Generally, systems can provide better protection and security at a scale that is hard for even the largest retailers to replicate,” he said.