2023 saw a new record for UK retail, and it wasn't good. Last year there were more than 16 million incidents of shoplifting. This is more than double the previous year and cost retailers £1.8 billion; losses in the first year exceeded £1 billion.
So how can retailers stop shoplifting? There are many things you can do as individuals. More store patrols, CCTV and security tags can help. But if reports are to be believed, it is not just opportunistic theft that is on the rise. Organized theft is also much more common: Instead of a single person surreptitiously hiding an item, gangs attack a store, sometimes leaving it almost bare.
The problem is so serious that the government and the police have intervened with an initiative they have called “Pegasus.” By coordinating shoplifting reports and the use of police databases, the idea is to collect enough information so that police can target organized crime gangs and take them down.
Alarms and security tags may deter the casual burglar, but preventing organized gangs requires collaboration. Online retailers should take note.
Cyber Intelligence Leader, Cyjax.
Keep cybercrime under control
It is understandable that companies of any type remain silent about the cybercrimes they experience. No company wants to announce that it is vulnerable to attacks, as doing so can lead to more attacks. Companies want to keep their reputation intact and don't want people asking if they can be trusted after an attack. While there may be regulatory disclosures that cannot be avoided, many companies will go to great lengths to keep cybercrime quiet.
This is even more true for customer-facing businesses such as online retailers. Whatever the reality of integrated payment gateways, secure customer authentication, and PCI compliance, customers are turning to online retailers to keep their data safe. If they feel that a site is compromised or is a regular victim of cyber attacks, it could affect customer loyalty, or even the customers who visit it in the first place. It is not a misplaced fear. One survey found that 59% of consumers would stop purchasing from a retailer if they were the victim of a cyberattack.
There is certainly a problem with unreported cybercrime, but it is obviously difficult to pin down and figures are difficult to come by. A consumer survey found that only 16.6% of fraud is reported, and while that is difficult to translate directly to retailers, it suggests there is a reluctance to report cybercrime when it can be avoided.
Honesty and collaboration
What are the cybercrimes that most affect online retailers? Beyond attempts to infiltrate systems, as with any business, there are also account takeovers, ransomware, card decryption, and other payment fraud attempts. There are also more sophisticated attacks that involve buying limited stock through bots and reselling it on third-party sites.
What these attacks have in common is organization: either it's a group that uses tools to attack online retailers or it sells access to tools to do so. For example, many account takeovers use “merge lists” of emails and passwords stolen from elsewhere, leaving anyone who reuses a password vulnerable. Card cracking is the use of lists of payment card numbers to do the same thing. This information is stolen and sold on dark websites, often by professional hacking groups. Many sophisticated attacks use bots, created by organized gangs that use or rent them. Ransomware attacks are launched by groups that often boast about their success.
Organization means a need for structure and communication, most commonly on the dark web. The relative secrecy and anonymity that these groups can enjoy in this space (not to mention their safety from law enforcement) means that plans can be discussed relatively openly and attacks can be launched without warning.
We can't expect a retailer to have its eyes on all this activity. But what they can do is collaborate. Being open about the cyberattacks you are experiencing can give others an idea of what they might be missing or what they can soon expect. Working together on ways to share intelligence, both internal and external, means all companies will be better prepared.
When a retailer suffers a cyberattack, a very reasonable response is to think: I'm glad it wasn't us. But a better answer is: what happens when it's us? Just as retailers are working together to stem the tide of shoplifting, they need to collaborate to defeat the gangs doing the same thing online.
Link!
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here:
