The 2024 Verizon Data Breach Investigations Report notes that there were 725 known data breach incidents in the retail sector for the year ending in late October 2023. An estimated 369 of those resulted in confirmed data disclosure. From ‘credential stuffing’ to phishing to exploitation of vulnerabilities, cybercriminals have many options to violate consumer data privacy, disrupt store and warehousing operations and execute denial of service.
One of the cybersecurity challenges in retail is the very nature of operations, i.e. dispersed workers in multi-location stores, warehouses sprinkled around regions and those working in internal IT systems with varying architectures and platforms. However, what they all have in common is working on endpoint devices, whether a stationary desktop, mobile devices or warehouse tablets. If they touch data, they can be the thruway to a data breach.
Given the nature of this diverse end user computing environment, defending against cyberthreats requires a three-pronged strategy:
Executing preventative security measures at the endpoint
Improving the endpoint management of distributed IT systems
Enhancing individual education and awareness of cyber threats among both permanent and seasonal hires.
Threat Prevention
The endpoint remains fertile ground for cyberattacks and data breaches, exposing a retail organization to costly downtime, and the increasing predilection of consumers to tackle the issue head-on with class action suits. A high-profile case involves several lawsuits filed against Temu, in which users of the Temu app alleged that it is “loaded with tools to execute virulent and dangerous malware and spyware activities on user devices,” and thereby violates customer privacy rights.
Temu’s legal troubles are just one example of customers’ intolerance of data privacy abuse. It can happen purposely, as the suit alleges, or in the case of a ransomware attack, it can hold valuable data hostage and put millions of customers’ privat