In April 2020, nationwide lockdowns across Southeast Asia led to a collective shift in the region’s shopping habits. Since the pandemic started, online shopping went from being a convenience to a necessity overnight, heralding the addition of 70 million new shoppers, according to Bain & Company.
Two years on, the digitalisation of the retail industry has proved to be a beacon of optimism as it moves towards a trajectory of growth, with Google and Temasek forecasting the e-commerce industry to grow to $7.5 billion by 2026. Buoyed by strong online consumption, the industry looks poised to contribute to the region’s 5.1% growth forecast by the Asian Development Bank.
Indeed, the digitalisation of the industry has provided small businesses with a low barrier to entry for commerce and access to a wider pool of customers, while creating various jobs across the ecosystem, from delivery riders to fulfilment specialists.
This boom has been underpinned by merchants’ willingness to implement innovative digital tools, ranging from new payment methods to AI-led customer service solutions, as they look to maintain customer service standards in the digital marketplace.
At the same time, digitalisation has been a double-edged sword. The fact remains that online retail platforms are attractive targets to cybercriminals, with research by Palo Alto Networks indicating that 30% of retail organisations in ASEAN have seen more than a 50% increase in cyberattacks in 2021. From stealing credit card details and directly making illegal purchases, to putting up personal information for sale on the dark web, savvy cybercriminals have many avenues to exploit potentially valuable data.
As the retail digital ecosystem continues to expand, businesses are likely to add more third parties into the purchasing ecosystem – from suppliers to vendors and service providers – which would inevitably expand the threat surface and provide savvy cybercriminals with more avenues to exploit valuable data.
The multi-faceted threat landscape
The uptake of Internet of Things (IoT) devices across supply chains has been a key driver behind the digitalisation of online retail. IoT solutions such as the adoption of radio-frequency identification (RFID) technology are streamlining the customer journey and providing an integrated shopping experience, online and offline.
Despite the convenience it brings, business leaders have to acknowledge that IoT is a business necessity that introduces risk and opens up opportunities for cybercriminals to leverage IoT devices as entry points into the network.
In addition to IoT solutions, retailers are expanding their capabilities in Wi-Fi connectivity, interactive systems and next-generation Point of Sale (POS) systems to improve the customer experience. With these changes, the traditional network architecture will not be sufficient to keep these new technologies up and running. Businesses will have to explore new cybersecurity solutions to ensure a smooth digital transformation and guard against attacks launched by opportunistic attackers and hacktivists.
A report by Forrester revealed that the median cost of a security breach in Asia Pacific is US$2.2 million. In an extremely competitive space, such a hit can be detrimental to a business. Beyond the immediate disruption to operations, research by Palo Alto Networks also showed that organisations fear that a failure to safeguard customer data will result in reputational damage and an inevitable loss of trust among customers.
In addition, organisations are also subject to regulatory scrutiny if reasonable security is not in place to protect the customer data entrusted to them. In Singapore, fashion retailer Love, Bonito was very recently fined $24,000 for a data breach in 2019, involving 5,561 customer records. For companies with millions of customers, a large-scale breach would likely result in fines amounting to millions of dollars.
As online retailers look to strengthen their digital foundations and gear up for post-pandemic growth, here are some key steps retail players can take to strengthen their cybersecurity posture.
Prioritise consumer education
As businesses speed ahead in their digital transformation journeys, they will need to bridge the gap between digital consumption and digital literacy among consumers. Businesses have to guide customers toward becoming more vigilant and educating themselves on the latest iterations of e-commerce scam types.
Within the region, high-profile scams have targeted the vulnerabilities of the consumer. For example, cybercriminals have added ‘smishing’ into their arsenal of tools and exploited consumers’ trust in their bank provider to scam unsuspecting victims.
Fortunately, this is not a task that companies will have to undertake alone. This year, the Inter-Ministry Committee on Scams will introduce E-commerce Marketplace Transaction Safety Ratings. This is a coordinated effort across ministries, such as the Ministry of Home Affairs and the Singapore Police Force, as well as the private sector, to combat scams of all kinds and propose countermeasures.
Build smarter IoT security
With more devices connected today than ever before, adversaries have more avenues to access and exploit sensitive business data.
In an environment where cybercriminals are getting savvier by the day, retailers will need a security solution modelled after a prevention-first approach, rather than an “alert-only” one. By doing so, businesses can gain complete visibility of all connected devices and eliminate the risk of managed and unmanaged devices across retail stores, warehouses and distribution centres.
Adopt the principle of “never trust, always verify”
The concept of Zero Trust continues to ring true more than ever today. Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust and continuously validating every stage of digital interaction. Guided by this principle, businesses can establish rapid response capabilities to quickly address the early signs of a breach.
This is especially crucial for online retailers, who work closely with many third-party vendors in every stage of the journey, from payment vendors to delivery and fulfilment partners. With more parties involved, this inevitably expands the attack surface, providing more potential vulnerabilities for cybercriminals to exploit.
Where third-party payment service providers are involved, retailers will need to ensure that every step of the consumer journey is secured and prevent potential breaches. Setting up a zero-trust architecture can mitigate these risks by ensuring continuous validation for digital interactions that happen across the supply chain.
Retailers must no longer adopt an “Allow and Ignore” model where, once an entity is authenticated, it is free to do what it likes. Users, services and devices inside the network or cloud must be constantly monitored for anomalous activities.
Business leaders cannot ignore the importance of cybersecurity in this evolving landscape, as the retail industry makes up one of the largest sectors in Singapore, according to Mordor Intelligence. Creating a safe environment for online shopping and digital transactions takes a collaborative effort from both e-commerce players and customers, and all parties will have to act swiftly to safeguard what matters.
Ian Lim is the field chief security officer for Asia Pacific at Palo Alto Networks