e-commerce in

(Source – Shutterstock)

E-commerce: Providing customers the best gift they could ask for

Getting your Trinity Audio player ready...

Article by Ravi Rajendran, Vice President, APJ, Cohesity

The retail industry continues to be radically reshaped by the shift to e-commerce, driven by digitization, with online ‘pure play’ retailers going from strength to strength and ‘bricks and mortar’ retailers prioritizing online operations and looking to leverage the data they collect physically through new in-store technology.

Prior to the pandemic, the biggest impact on the retail industry was the expansion of the traditional six weeks sales period of the Christmas to Lunar New Year sales, to encompass ‘Cyber Monday’ and ‘Black Friday’, forming a 90-day plus sales period that makes or breaks retailers financial performance. Fast forward to today, after almost three years of adapting to the challenges posed by the pandemic with retailers’ accelerating their digital transformation efforts, e-commerce is having the largest transformative impact on retail sales cycles, making up 20% of all retail sales according to McKinsey & Company, with the e-commerce market set to break US$2.1 trillion in revenue in Asia, in 2023 (Statista).

The acceleration of the e-commerce model is not earth-shattering news. However, the importance of the IT infrastructure and systems as the backbone of digitalization and e-commerce is often undervalued, with governing and protecting the data it generates an even lesser priority. Consider the depth and breadth of the IT software or systems that power digital business, and the data that is generated in every online interaction. Imagine the amount of data being collected through every marketing and online activity. For retailers, like any business, this means the challenge of governing and protecting their data is intensifying.

Implementing the right data management and security approach is vital, be it in e-commerce or physical retail. The last thing retailers need during one of their busiest sales periods is to be hit with a lack of data availability, or worse, fall victim to an orchestrated cyberattack resulting in a revenue and reputation-busting data breach. With cyberattacks occurring more frequently than every 11 seconds (Cybersecurity Ventures) and the Cybersecurity Agency of Singapore (CSA) finding ransomware increased by 54% from 2020 to 2021, the unfortunate reality is a cyberattack can occur at any time.

Ravi Rajendran, Vice President, APJ, Cohesity

Data security and cyber resilience is fundamental for businesses because whenever money is exchanged there are exploit risks from a nefarious actor. At any time, especially during a major sales season,  retailers’ IT systems are tested by both positive and nefarious online activities, which means ensuring appropriate capacity is in place to support these unusually high demands and growing order volumes is vital. Retailers need to manage the risk of cyberattacks like ransomware that bring online operations and trade to a halt, resulting in a loss of sales and often irreparable damage to customers’ trust in their brand.

Most organizations understand that cyber threats are increasing and that attacks are becoming more sophisticated, with their potency and frequency of attacks intensifying. Malicious actors choose to take advantage of organizations – especially during ‘busy times’ like Lunar New Year, Christmas, or Easter – because this is when their usual ‘guards’ may be down, with IT and SecOps teams’ ability to respond hampered by some of their teams’ participation in that event or holiday. With less capacity to monitor systems or networks and conduct regular data backups, they may also be flooded by various types of cyberattacks such as a DDoS or malware attack, and they may also be relying on legacy technology that wasn’t built to withstand sophisticated cyberattacks.

What attackers are really looking to test – regardless of when they choose to attack – is an organization’s cyber resilience, which is the ability to conduct operational processes or achieve business outcomes despite an adverse cyber event. Why? Because by disrupting and holding their operational processes to ransom, in turn causing huge reputational damage and undermining citizen or customer trust, then they can dial up the pressure and demand more lucrative or even multiple ransom payments. To combat this malicious approach, organizations need to do more than just be aware of the increased threats but take appropriate action.

Organizations need to develop a game plan centered around empowering their IT and Security teams to tactically come together with the shared goal of establishing or maintaining cyber resilience at a people, process, and technology level because their ability to counter-attack is defined by where their critical data is stored, how it is secured, and how quickly it can be recovered to restore processes and achieve outcomes.

Crucial cyber resilience questions that organizations should be able to answer with the right technology approach and capabilities include:

  • Can you restore files individually or do you need to do a full data restore, and how long does this take?
  • Do you have immutable backups?
  • Is your data encrypted in transit and at rest?
  • Do you test your backups against targeted recovery time or point objectives?
  • Have you implemented a 3-2-1 approach to backing up your business-critical data?

Priorities and areas of focus should also be centered around cybersecurity fundamentals, with a focus on increasing the coverage and effectiveness of core security controls. In many of the most recent and impactful breaches around the world, attackers are getting access to critical systems and sensitive data by exploiting basic vulnerabilities that exist in the security posture. Go beyond conventional perimeter security, lock down social media tools, reset passwords, and ensure your cloud applications have multi-factor authentication enabled.

Educate customers and employees alike on how to spot social engineering scams like emails with poor spelling and grammar. Remind them of your security and data privacy procedures. Be clear and explain to customers what you’re doing to tackle these threats and what they can do to be safer when shopping online. This level of thought and transparency will build trust in your brand.

To meet the cybersecurity challenges that all organizations face head-on by implementing strategic technology-based data governance and security capabilities that protect both your and your customer’s data. By adopting best practices when it comes to data management, recovery, and security you will not only shore up your business continuity, you will improve your customer relations and strengthen your business’s reputation.

The views in this article is that of the author and may not reflect the views of Tech Wire Asia