Black Friday and Cyber Monday retail madness is upon us, shortly to be followed by festive insanity. Retailers the world over are lowering prices and doing their utmost to attract customers to their mobile and digital portals (if not to high street stores themselves). This should come as no surprise: there’s big money to be made. According to Statista, worldwide mobile commerce revenues alone amounted to around £77.77 billion in 2015, a figure that is set to surpass £559 billion in 2019. But these pounds are at risk. It is a risk that can be mitigated, but one that many aren’t aware of – the use of mobile devices.
The mobile threatscape is out there…
Mere weeks ago, a distributed denial-of-service (DDoS) attack took down Twitter, Reddit and Spotify, and disrupted many more businesses across the globe. While the hackers are yet to be identified, the root of the hack is clear: tens of millions of unsecured IoT devices were turned into one massive botnet.
Today there are nearly 2 billion smartphones in use worldwide. Just imagine how major a force they would be if used for a similar type of attack.
Now consider if one of these attacks were to be focused on your business. Worse still, what if the attack was aiming to bring down your mobile app or e-commerce business during Black Friday/Cyber Monday or even over the festive season? Just how much revenue would your business lose out on? The chances are that thousands, if not millions, of pounds would be at risk.
It will never happen, right?
As human beings we are fundamentally flawed when reacting to risk. Threats like the distributed denial-of-service (DDoS) attack mentioned above, which are significant but rare, grab our attention and scare us, like the idea of a plane crash or terrorist attack would. In fact, they scare us more than those risks that are deadly serious but very common, like car accidents and heart attacks.
The gap between the things we worry could happen and what’s actually happening around us is often bigger than we can imagine. This brings us to the mobile commerce threat present in the retail industry.
The threat is real, very real indeed
Lookout’s Securinomics Series: Measuring Mobile Security Risk on Corporate Devices report reveals that the mobile devices connecting to the corporate networks of major retailers had a significant exposure to app-based threats, with 28 serious mobile threat encounters per 1,000 devices per year. Overall, these mobile devices encountered 276 different types of app-based threats. These ranged in severity from adware with low-level data leakage, to sophisticated mobile trojans like NotCompatible, which can turn a device into part of a botnet, much like that which took down Dyn DNS a few weeks ago, and spyware with the ability to collect sensitive communications, such as text messages and phone conversations.
These might just seem like figures, and low probabilities. But imagine, if you will, that one of these devices belongs to your CEO. Imagine the information hackers could get from that mobile device. More tactically, what if this mobile device — belonging perhaps to the head of customer service, marketing or digital — is being used to connect to the inner workings of your mobile and e-commerce platforms? What if one of those 28 devices in your retail organisation is the reason your entire mobile and e-commerce platforms go down during one of the busiest seasons in retail?
The reality is that this would likely devastate your business, wiping out profits, harming consumer trust and possibly putting jobs, or the business itself, at risk of dissolution.
The scary, and the positive
The scary thing is that hackers only have to get lucky once. They only have to infect one mobile device in your business to bring it to its knees, and if they manage to infect a handful, then all the better for them.
However, the good news is that this does not have to be the case, as long as the retail industry pays serious attention to the mobile threat. Retailers even have the opportunity to change the odds in favour of their businesses. All they need to do? Start treating mobile security threats the same way they do the ones on their corporate networks, PCs and laptops. You would never give an employee a laptop or PC without antivirus protection, and mobile devices should be treated no differently. Whether they are being used by your cashiers, sales teams, CEOs or execs – all devices need to be protected. If not, the damage that can be done to your business could cost you more than you could imagine, especially on a Black Friday!
G-J Schenk is vice president international at Lookout.