E-commerce continues to radically shape the retail industry, with online ‘pure play’ retailers going from strength to strength and ‘bricks and mortar’ retailers both prioritising online operations and looking to leverage the data they collect physically through new in-store technology.
Prior to the pandemic, the expansion of the traditional six weeks sales period of Christmas to Lunar New Year, to encompass ‘Cyber Monday’ and ‘Black Friday' and form a 100 day plus sales period was the largest transformation that had impacted the retail industry.
Today, after three years of adapting business operations to successfully navigate the pandemic, retailers are accelerating their digital transformation and sales efforts, with e-commerce now making up 20% of all retail sales according to McKinsey & Company, with the e-commerce market set to break US$2.1 trillion in revenue in Asia, in 2023 (Statista).
For retailers, as with any business, there comes an increasing need to ensure the protection and management of their data, especially during the busiest sales periods and holiday season, like the recent Lunar New Year celebrations.
Malicious actors choose to take advantage of organisations at this time because often a company’s usual ‘guards’ may be down, with IT and SecOps teams’ ability to respond hampered by some of their team members' participation in that event or holiday.
What attackers are really looking to test – regardless of when they choose to attack - is an organisation's cyber resilience, which is the ability to conduct operational processes or achieve business outcomes despite an adverse cyber event.
Why? Because by disrupting and holding their operational processes to ransom, in turn causing huge reputational damage and undermining customer trust, then they can dial up the pressure and demand more lucrative or even multiple ransom payments. To combat this malicious approach, here are some best practices to increase or establish cyber resilience:
Steady to be ready: To determine what potential peak loads are for your servers, remove the guesswork by using archive data to compare and contrast your capacity needs, and given the statistics quoted above, plan for a significant uptick in cyberattacks beyond what you may have experienced previously. If accessing this archive data or understanding your data is a challenging task, now is the time to deploy modern data management and security solutions.
Real-time monitoring: Preparing yourself in advance is obvious, but do you have a simple way of being alerted on your mobile phone to issues in your backup and virtual environments when it matters, especially with teams operating remotely?
Are you confident you can avoid downtime and meet your Service Level Agreements (SLAs)? Not only does this speed up troubleshooting of issues and diagnosis of root causes, but it can also enable your team to manage a potential cyberattack before malware can be deployed and data are taken for ransom.
Ditch Legacy Thinking: Your service levels from a decade or more ago, even five years ago, simply do not cut it in the digital economy of today. Legacy IT still deals in data recovery SLAs that are in hours or days…which just isn’t adequate. Modern data management platforms all you to recover in an instant, or at worst a matter of hours.
Given the amount of money at stake, and for many businesses their future existence, during the busy periods of Black Friday, Cyber Monday, Christmas, and the Lunar New Year/Chinese New Year sales period, can you afford to be offline for hours at a time?
Test and Test again: Sure, you may have a backup schedule, but that’s just not enough. Ideally, you should be able to answer questions like:
- Have you implemented the 3-2-1 approach to provide great confidence in the backup data you have stored?
- Have you thought about how you could add cloud data isolation as a ‘+1’ to this approach? How long does it take to recover your backup?
- Do you have the ability to restore a certain file individually, or do you need to do a full restore, and how long does that take?
- How often do you test your backups to ensure they work?
- How many of your backups would fail when called upon?
Asking these questions now will help you prepare for when disaster strikes, whether from a natural or technology event, by creating a level of data and cyber resilience to your operations.
Be Proactive in Your Defence: Find and isolate security scams posing as your brand and lockdown any compromised online accounts before they cause irreparable damage. Look beyond conventional perimeter security, conduct thorough checks for all attempts to connect to corporate resources from outside the infrastructure, lock down social media tools, reset passwords, and ensure your cloud applications have multi-factor authentication enabled.
Communicate & Educate Customers: Explain to customers some of the threats they and you may face from cybercriminals. The latest PwC Global Consumer Insights Survey revealed that almost a third of South East Asian consumers (32%) are ‘concerned about the privacy of their personal data when interacting’ with retail or consumer companies, which is higher than the global average and larger than other parts of the Asia-Pacific region.
Educate customers and employees alike on how to spot social engineering scams like emails with poor spelling and grammar, and how emails, texts, or social media accounts from malicious actors may ask them for confidential information. Remind them of your security and privacy procedures.
Be clear and explain to customers what you’re doing to tackle these threats and what they can do to be safer when shopping online. This level of thought and transparency will help build trust in your brand.
Meet the cybersecurity challenges that all organisations face head-on by implementing strategic technology-based data governance and security capabilities that protect both your and your customers’ data.
By adopting best practices when it comes to data management, data recovery, and data security you will not only shore up your business continuity, but you will also improve your customer relations and strengthen the reputation of your business.
