20200827 Copyright image 2020© Waitrose and Deliveroo agreement. For photographic enquiries please call Fiona Hanson 07710 142 633 or email info@fionahanson.com This image is copyright Fiona Hanson 2020©. This image has been supplied by Fiona Hanson and must be credited Fiona Hanson. The author is asserting his full Moral rights in relation to the publication of this image. All rights reserved. Rights for onward transmission of any image or file is not granted or implied. Changing or deleting Copyright information is illegal as specified in the Copyright, Design and Patents Act 1988. If you are in any way unsure of your right to publish this image please contact Fiona Hanson on07710 142 633 or email info@fionahanson.com

Second national lockdown could trigger spike in online attacks against retailers, warns Sonassi

Second national lockdown could trigger spike in online attacks against retailers, warns Sonassi

Retailers must recognise where threats to their websites lie and take action

In the midst of a second national lockdown, it is imperative retailers make every effort to ensure their IT systems are water-tight against the threat of cyber-attacks. This is according to James Allen-Lewis, development director at Sonassi.

Recent data from the UK’s National Cyber Security Centre (NCSC) revealed, it had handled a record number of cyber security incidents in the last year. With non-essential retail shops now closed until 2nd December as part of government restrictions across the UK, Allen-Lewis, warns retailers must take preventative measures against cyber-criminal activity.

“It’s likely we’ll see cyber criminals wanting to capitalise on retailers pivoting from bricks and mortar stores to online, following a second national lockdown.

“For many businesses the world of online retail is still very new and will likely have been driven by necessity, rather than choice. Smaller retailers are grappling with using card payments and online operations for the first time. Larger retailers are trying to improve their use of data to drive efficiencies and maximise profit margins.

“In doing so, this has increased the attack surface for criminals to target. While it’s understandable retailers at this time will be completely focused on driving sales, it’s important they understand where the threats to their business, notably vulnerabilities across their website, lie.” 

Elaborating on this further, Allen-Lewis says, “Firstly, any area where a user can gain extra permissions represents a risk. An obvious example would be via the admin rights for a website. If there is no protection against the admin account and this can be accessed from anywhere in the world, criminals can keep trying multiple usernames and passwords until they penetrate. Locking this down with two-factor authentication prevents this.

“Another area of risk is via a websites input boxes which any user has access to. An example might be an email box for a newsletter at the bottom of your site encouraging customer sign-ups. An SQL injection attack could see code uploaded to this email box which allows all your customer details to be downloaded by an attack. It’s imperative these boxes are monitored for any suspicious activity.

“Finally, another consideration is how customer card details are stored. If, for example, a hacker was able to obtain a user’s contact details and then logs onto a website, they could start making purchases and then check-out without ever needing that users card details. Because of this it is critical steps are taken to lockdown customers accounts. There are simple ways to prevent this. A CAPTCHA system, is a system that allows web hosts to distinguish between human and automated access to websites and stops brute force attacks of this nature.”

Allen-Lewis concludes, “The enforcement of a second national lockdown couldn’t have come at a worse time for retailers as we enter the run up to Christmas. Understandably, driving sales at this time is of critical importance but to ensure this is done with peace-of-mind, the right security practices must be implemented in order to protect customer information.”


We’d love to keep you updated with our latest news Reports Interviews and Analysis😎

Subscribe to International supermarket news Free

Related post