Online e-Crime & Cybersecurity Retail Summit

Securing the e-commerce revolution

13th June, 2023 • Online

 

As customers move online, hackers follow. Protecting retailers and their clients is critical. But how?

 

“We want to keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.”
– Dr Ian Levy, Technical Director, the National Cyber Security Centre

 

Retailers and those that manage their network infrastructure are among the most frequently targeted victims of cyberattacks. According to a recent survey, 24% of cyberattacks target retailers, with credential phishing, malware, ransomware and DDoS attacks the commonest threat vectors.


It’s perhaps no surprise that the industry is so targeted. The prize for the hackers is a treasure trove of easily monetizable data. Retailers store vast quantities of payment and card data as a result of heavily digitalised e-commerce models; they retain vast troves of additional personal data to fine-tune the personalised marketing and e-commerce portals upon which they depend.


Retailers are also easier to hack than some other sectors. They have been forced online and on to mobile not just by COVID but by rapidly changing customer habits. So, they have to maintain constantly updated e-Commerce sites, even the simplest of which rely on an ecosystem of applications, browsers and proxies that contain vulnerabilities allowing hackers to compromise all elements of the order and payment process. The recent ‘Natural Fresh skimmer’, for example, shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form.


They also have to offer omnichannel payment options, constantly expanding their attack surfaces as the next Klarna, Venmo or Zelle comes along. They interact with voucher schemes and rewards schemes, often using sophisticated EPOS machines to gather yet more data. And they rely on third-party systems such as payroll suppliers, which have also been hacked.

 

Retailers are also vulnerable because their customers are. Retail customers straddle all age groups and demographics, and they are themselves constantly targeted by retailers’ marketing messages online and via apps, with the consequent possibility that those messages can be copied and falsified in ever smarter social engineering scams offering discounts and deals.


The penalty for being successfully attacked is also very high in the retail sector. Brand reputation is critical and can be lost easily if customers lose money to scams. DDoS attacks on e-Commerce sites can cost seven-figure sums per hour in lost revenues (imagine a pizza company that can’t take orders – its customers are hungry, not loyal).


So, why are retailers also among the most breached companies around? Just being an attractive target is not a guarantee of loss; these companies must also need better defences than they apparently have.


In the past, even large retailers were very publicly not in compliance with key standards, storing passwords in plain text and ignoring basic cyber hygiene. There are still problems with transparency and with taking cybersecurity seriously at significant organisations, and simple hacks are still causing chaos.

 

So, what should retailers be doing to achieve cyber best practice? How can they secure such valuable and vulnerable estates? And what techniques and technologies suit them best?



The e-Crime & Cybersecurity Retail Summit will take place online and will look at how cybersecurity teams are tackling this new world. Join our real-life case studies and in-depth technical sessions from the security and privacy teams behind some of the world’s most admired brands.

  • Where can AI / ML solutions help the retail sector?

    • Online stores need proactive, not reactive, cybersecurity.
    • In an era of instant payments and chargebacks, mistakes are harder to rectify after the fact.
    • Are AI and ML the only answer to the problems of attack volume, stealth and sophistication in retail? 
  • Securing e-commerce: avoiding the obvious errors

    • We still find ourselves talking about Java, cross-site scripting, SQL injection and a host of other hacking techniques which are years old.
    • Why are companies still falling victim to known problems with known solutions?
    • How can your solutions help banish the golden oldies of the cybersecurity world?
  • Zero trust, IAM and PAM

    • In retail as elsewhere, the disappearing perimeter creates a critical challenge.
    • Securing remote working, new networks and new infrastructure requires a rethink of identity and access management.
    • Is zero trust the way to go and what technologies and techniques are required to implement it?
  • Keeping customers safe to keep retailers safe

    • Mass retailing means huge customer bases, and constant digital marketing over email, SMS and social media.
    • This gives hackers an almost infinite variety of ways to trick, phish and scam their way to critical identity and payment data.
    • What technologies should retailers be using to foil these attacks and how can their customers avoid loss?
  • Securing next gen payments

    • The move towards non-cash payment methods during the crisis has been extreme and looks irreversible.
    • Consumers are faced with a bewildering array of payment methods and platforms, including crypto.
    • How do we go about securing a world in which most, perhaps all, payments are digital?
  • PCI DSS – not down, not out

    • No public breach in the card data space has occurred at companies who fully complied with the PCI DSS standard.
    • With PCI DSS 4.0, an up-to-date framework now exists and should be followed.
    • Can you help retailers comply?
