Attempted cyberattacks against retailers increased by 20% during the holiday season last year, according to a VMWare Carbon Black holiday threat report sent to Retail Dive. Two-thirds of retailers reported being targeted by a ransomware attack in the past year.
More than half of the companies surveyed said they plan on increasing cybersecurity staff in 2020, with 40% planning to increase their security budget by at least 10%.
Seventy-three percent of surveyed retail organizations said cyberattacks have gotten more sophisticated over the past year, and 40% said they've lost revenue in 2019 due to cyberattacks. VMWare Carbon Black surveyed 20 chief information security officers from global retailers.
The cybersecurity report reiterates what many retailers already know: Online security can be a major weak spot, and the holiday season is no time to be struggling to fight cybercriminals. But continued breaches of major brands reveal that it's difficult to keep up with these ever-evolving crimes.
Macy's announced in November that it experienced a "highly sophisticated and targeted" security breach in October that potentially leaked customer payment information. Back in January, Warby Parker revealed that 198,000 of its customer accounts were targeted by unauthorized parties using stolen usernames and passwords to access account information.
Some retailer breaches have had a long-term impact beyond the inconvenience of notifying customers, providing credit monitoring and strengthening internal systems. Earlier this year, Neiman Marcus paid out $1.5 million to settle a 2013 data breach that exposed store credit card data for 370,000 customers.
The report recommends that retailers shift from a reactive position to a proactive one, with teams that can seek out threats rather than wait to be threatened. In addition, retailers should develop strategies to protect the "crown jewels" of the organization, whether it be customer data, financial information, product data or growth plans.
It's expected there are at least 6,000 e-commerce phishing sites active now, per NormShield. While retailers contend with threats to their infrastructure, it's also up to the individual customer to keep their personal data safe as they travel about the world wide web.