Dubai: As the holiday shopping season begins, cyber-savvy retailers in the Gulf stand to reap the benefits of substantial growth in the e-commerce sector.

However, while e-commerce enjoys rapid growth, global attack trends indicate that the retail support sector continues to be a popular target for cybercriminals. For example, the cybercriminal operation “MageCart” targets online retailers by creating websites that mimic their victims’ websites and inserting malicious code to capture card data.

Physical point-of-sale (POS) terminals are another weak spot for retailers. Transnational groups such as FIN6 target companies providing POS services to retailers and have shown skill in compromising networks to access payment card data stored on POS terminals.

Cybercriminals are also targeting computers throughout the Middle East to mine cryptocurrencies. According to Symantec, the skyrocketing and volatile prices for cryptocurrencies in the last quarter of 2017 spurred a significant increase in infection rates. So-called “cryptojackers” compromise websites of popular brands and upload malicious scripts to infect the web browsers of unsuspecting visitors. Once a customer visits an infected website using insecure means, the malicious script begins siphoning computing power to mine cryptocurrency.

Jay Townsend, Principal at Booz Allen Hamilton, said: “While e-commerce is enjoying rapid growth in the Gulf, it has been popular far longer elsewhere in the world and cybercriminals have gained decades of experience honing their craft targeting consumers and companies online. Gulf-based retailers and their infrastructure are increasingly being targeted with advanced malware variants to intercept payment card data and communications. This signals the need for greater cybersecurity vigilance among both retailers and customers.”

Ziad Nasrallah, Principal at Booz Allen Hamilton, added: “In the UAE specifically, the rise in e-commerce is heavily driven by mobile-first habits and one of the world’s highest smartphone penetration rates. Given increases in mobile shopping throughout the UAE and wider Gulf region, cybercriminal networks will continue to increase their operations given the target-rich environment. It is imperative for retailers and consumers to protect themselves from attacks that could cause tremendous financial or reputational damage.”

With these realities in mind, retailers and consumers in the Gulf need to anticipate cyber threats and plan accordingly to ensure safe and secure holiday shopping. Booz Allen Hamilton outlines a few top tips for retailers and customers to protect themselves against cyber threats during the upcoming peak festive season.

Tips for retailers:

  • Remember, cybercriminals prefer easy targets

Poorly maintained websites and unsecured e-commerce platforms are attractive to cybercriminals. These criminals are not simply after financial data; customer information such as purchasing habits or personally identifiable information is often more valuable. Like payment card numbers, this data can be sold on Dark Web forums and lead to identity theft or exploitation. Similarly, if a security-hardened retailer works with a third-party supplier with weak security hygiene, attackers will target that supplier to access the retailer. Since the supplier enjoys trusted access to the retailer, attackers will exploit that trust – leaving even cyber-secure retailers vulnerable.

  • Do not wait until it’s too late

Retain the services of a managed security services provider (MSSP) in advance. It is easier to anticipate and prevent a cyber incident than to clean one up. MSSPs provide a range of security services to keep businesses online, including denial-of-service protection, reputation monitoring, threat forecasting, and incident response.

  • Develop and rehearse response plans

Even with preparation and a business continuity plan, cyber incidents are only a matter of time. Developing a response plan is only part of the battle. Plans and staff must be tested through exercises and simulated crises so company employees, from cashiers to C-suite executives, know exactly how to respond when an incident occurs.

  • Update often

Outdated software poses a threat to the security of payment systems and customer data, so retailers must establish software management regimes to regularly apply security patches. Technology vendors publish updates that address flaws and vulnerabilities on an ongoing basis. The single greatest thing a retailer can do, aside from purchasing the right technology, is to care for it properly.

  • Monitor social media and online discussions

Competitors or insiders can disrupt a brand’s online presence. Online presence is a primary driver of revenue, brand recognition, and traffic for both online and physical stores. This includes not only official websites but also social media and related forums. Retailers should monitor online discussions about their brands as it is easy for malicious actors to execute negative online campaigns that quickly go viral. Additionally, rogue employees can hijack social media accounts and publish offensive or false information, causing reputational damage. An insider or motivated social media manipulator can inflict damage on par with or exceeding a malware-based attack.

Tips for consumers:

  • If it seems too good to be true, it usually is

If you are a customer, remember that cybercriminals are aware of holiday shopping habits and employ different tactics to successfully target unsuspecting customers. The most common threat targeting consumers is phishing via email or text message to advertise seemingly good deals that are scams tricking people into revealing financial data or allowing malware onto their devices.

  • Trust your intuition

The anticipation of receiving online purchases can often create a false sense of security for consumers, so cybercriminals often exploit fake shipping invoices, customer surveys, or other communications to target the public. Be wary of unexpected emails and never divulge personal information. A common tactic cybercriminals use is to call individuals and ask them for personal information as verification to confirm a nonexistent order.

  • Look for the lock icon

When shopping online, look for the padlock icon in the address bar, which indicates that data sent to the website, including payment card information, is protected to minimize data exposure to potential eavesdroppers.

  • Be skeptical of online reviews

Astroturfing is a tactic used by both legitimate and unscrupulous sellers to minimize negative product reviews by hiring teams to generate fake positive reviews. Signs of astroturfing often include numerous vague, short reviews posted in quick succession. On established e-commerce sites selling thousands of products, astroturfing can disguise inferior, fake or even dangerous products.

-Ends-

About Booz Allen

For more than 100 years, Fortune 500 business, government, and military leaders have turned to Booz Allen Hamilton to solve their most complex problems. In the Middle East and North Africa region, we have more than six decades of experience solving the most difficult management and technology problems through a combination of consulting, analytics, digital solutions, engineering, and cyber expertise. With regional MENA offices in Abu Dhabi, Beirut, Cairo, Doha, Dubai and Riyadh, and global headquarters in McLean, Virginia, our firm employs more than 24,600 people and had revenue of $6.17 billion for the 12 months ending March 31, 2018. To learn more, visit BoozAllen.com. (NYSE: BAH)

Regional Media Contacts
Hala Akiki
Booz Allen Hamilton
T +971 4 511 9511
M +971 52 6807599
Akiki_hala@bah.com

Lama Barr
BPG Orange
D + 971 4 506 5581
Lama.barr@bpgorange.com

© Press Release 2018
