It’s been a tricky year to date, for Australia’s retail sector. The ongoing cost of living crisis has seen consumers and businesses alike pull in the purse strings and look for savings wherever they are to be found.
Putting off major purchases, seeking out budget alternatives and slashing discretionary spending is the order of the day, for a large proportion of the population.
The first quarter of 2023 saw 11.6 per cent and 4.3 per cent reductions in spending on household goods and apparel respectively, according to CommBank’s Cost of Living Insights Report May 2023.
That’s bad news for retailers, particularly those that rely on discretionary dollars to stay afloat. With sales and margins under threat, they’re having to batten down the hatches too; finding ways to reduce overheads and outgoings, and boost efficiency across their operations.
Security in the spotlight
Tougher times mean shoplifting is on the rise. Store theft rose 23.7 per cent in NSW between 2021 and 2022, according to government data. As a result, businesses are having to invest more in monitoring and security systems, to reduce shrinkage and protect their margins.
Meanwhile, there’s another less conspicuous form of security that also requires retailers’ urgent attention: cybersecurity.
Globally, there’s been an unsettling surge in incidents and attacks in recent months, as ahead-of-the-curve perpetrators have harnessed the power of next generation technologies to extort and destruct ill prepared corporate victims.
Ransomware groups have stepped up their game; exploiting vulnerabilities in commonly used corporate software and shifting their focus from data encryption to data theft, according to the Check Point 2023 Mid-Year Security Report. USB devices have resurfaced as significant threats and are being used as vectors for infecting organisations.
Artificial intelligence, meanwhile, is proving itself a powerful weapon, with generative AI tools being used to craft phishing emails, keystroke monitoring malware and basic malware code.
Under attack
Top of the hackers’ hitlists? Unfortunately, it’s the hard-pressed manufacturing and retail sectors which have seen the most victims to date, globally. There’s no reason to assume Australian retailers aren’t squarely in their sights too, and a headline making incident is only a matter of time.
When one occurs, the costs can be crippling, both financially and reputationally. The average cost per cybercrime report was $39,000 for small businesses, $88,000 for mid-sized players and $62,000 for large businesses, according to the ACSC Annual Cyber Threat Report 2022.
But, for larger retail chains in particular, the cost of a major attack could be exponentially higher. Having operations grind to a halt over the Christmas period, for example, could mean the loss of tens of thousands, even millions, of dollars per day. That’s vital revenue brands can ill afford to lose.
Getting serious about protection
Maintaining rigorous security hygiene across on-premises, cloud and hybrid networks can help make retail businesses tougher targets.
Keeping computers up to date and applying security patches limits vulnerability to ransomware attacks, while enforcing a strong password policy and multi-factor authentication makes it harder for bad actors to steal employees’ log in credentials.
Ransomware attacks frequently begin with a phishing email which tricks the recipient into clicking on a link or opening a malicious attachment, thereby kicking off the process of installing and executing the malicious code. Employees are the first line of defence and conducting cyber awareness training that teaches them the classic signs and language used in phishing emails can help foil attackers’ attempts to gain an ‘in’.
And should they succeed in doing so, anti-ransomware solutions which monitor programs for suspicious behaviour can take action to prevent further damage being done.
Implementing a robust data back-up process can prevent a ransomware attack from becoming a full-blown disaster. Given the object of the exercise is to force the victim to pay a ransom, in order to regain access to their encrypted data, having an up-to-date, secure back- up solution is a smart, cost-effective way to mitigate the impact.
Finally, prevention is better than cure. AI-powered threat detection technology that scans and monitors emails and file activity is fast becoming an indispensable ally, for retailers that want to strengthen their defences and maintain a robust cyber-shield against a vast array of attacks.
Securing the future
The next few months are likely to be challenging ones, as brands battle to retain their share of the dwindling consumer spend. For retailers already struggling to stay afloat, a significant cyberattack may not be a survivable event. Against that backdrop, investing in systems and processes to mitigate the risk is likely to prove a very good move.
Les Williamson is regional director for Australia and New Zealand at Check Point Software Technologies.