Explainer: How Retailers Can Fight a New Wave of Cyberattacks
Last week, Victoria's Secret went dark.
On May 28, the lingerie giant shut down its website following a 'security incident,' the company said in a statement. (It did not confirm what caused the disruption). While the site was only down for two days, it likely cost Victoria's Secret millions in sales, adding another hurdle to its ongoing turnaround plan under new leader Hillary Super. The company's stock dropped as much as 8 percent the day it closed its site.
It was just the latest technological dustup in a wave of cyberattacks on some of fashion's biggest brands and retailers. Bloomberg reported that in January hackers accessed some of Dior's customer data, then in April, UK-based high street retailer Marks & Spencer was forced to stop taking online orders after a security breach and in May, Harrods briefly restricted website access after hackers attempted to break into its systems.
For years, the threat of security breaches — where individuals and organisations hack systems to access customer data such as contact information and credit card details — have haunted companies across industries, from Target to MGM Resorts. The frequency of these attacks is only growing: In 2024, the number of individuals and groups targeting companies' systems that cybersecurity consultancy S-RM engaged with across 600 incidents grew 96 percent year over year.
These attacks can be extremely detrimental to a company's bottom line: Marks & Spencer still hasn't reopened its e-commerce operations, and doesn't expect to do so until July. The incident will likely end up costing the company as much as £300 million ($404 million) in lost profits. But the impact can be even further-reaching. Many cyber criminals require companies to pay multi-million dollar ransoms to regain access to their networks and even once the attack is over, retailers must work to avoid sustaining lasting reputational damage.
The recent uptick in activity puts an extra burden on retailers to tighten existing cybersecurity processes or invest in additional tools that could chip away at profits.
'From a business perspective, it's nothing if not unfair [to the companies impacted by it],' said Simeon Siegel, managing director and senior analyst of retail and e-commerce at BMO Capital Markets. In the event of a cyber attack, companies have 'to balance short term fixes, while ensuring they don't have [long-term] implications,' he added.
BoF breaks down what leaves fashion businesses vulnerable to cyberattacks and how they can protect themselves. How does this happen?
Cyberattacks are typically orchestrated by groups that find and exploit a company's technological shortcomings. The culprit can often be difficult to trace, because even when law enforcement tracks them down, individuals can splinter into other smaller organisations. Criminals can also act individually by finding hacking tools on the dark web, said Christian Beckner, vice president of retail technology and cybersecurity at NRF.
The tactics range in their level of sophistication. One of the common ways hackers infiltrate a company's systems is through 'phishing' — the dreaded emails where, posing as a company executive, they encourage employees to click a link that, if opened, can give them access to an organisation's entire data network. They can also use employee voice impersonation tools to target a company's customer service call centres, Beckner said.
'If one employee accidentally clicks a link in an email, it may not matter how protected and up-to-date your technology is,' Siegel said. 'Human error can supersede the most advanced technology.'
Cyberattackers will target any industry with high transaction volumes, making fashion an appealing target. Plus, because most retail giants operate their e-commerce storefronts on years-old custom platforms that are likely outdated, they are particularly vulnerable, said Juan Pellerano-Rendón, chief marketing officer at e-commerce software start-up Swap.
'A lot of times these larger conglomerates have IT teams, and they're updating their website regularly, but security might not always be at the top of their list,' Pellerano-Rendón added.
Retailers that operate with thin margins have historically been slower to invest in cybersecurity over tools like a website redesign that can immediately drive revenue, said Sam Rubin, senior vice president of consulting and threat intelligence for Unit 42 at cybersecurity firm Palo Alto Networks.
'You could spend several million dollars on cybersecurity and feel safer and be safer, but what's going to show up on your P&L is greater operating expenses without a necessarily highly visible tangible benefit,' Rubin said. 'Sometimes that does get neglected in favor of driving top line growth in business.' How should retailers respond?
When a company is hacked, they often have no choice but to shut down services until they can find the culprit and boot them out of their network. Preventing an initial cyberattack can be a near impossible task as cyber criminals' tools become more advanced and accessible.
Many retailers have increased cybersecurity measures in recent years, specifically around payment processing, Beckner said. Customers' financial information wasn't compromised in many of the recent attacks, which is the scariest violation for many customers and therefore a natural priority for companies to prevent. To lower the risk of repeat offenses, retailers have to 'assess where there might be existing vulnerabilities in your IT systems and services, and patch and upgrade those where they existed,' Beckner added, including adding multi-step authentications for company log-ins and conducting additional training for employees across the organisation.
The latest run of cybersecurity hiccups could also push major retailers to make big personnel changes such as hiring heads of security (if they don't have them already), according to Pellerano-Rendón. They might also consider using more e-commerce services from software giants like Shopify that routinely update their software, making it more difficult to infiltrate, he added. Companies can institute drills where they work with third party firms to simulate an attack to better assess the strength of their existing systems and what additional processes they need to implement, said Steve Ross, director of cybersecurity, Americas at S-RM.
In the aftermath of an attack, retailers also must do damage control in order to make sure their customers feel safe buying from them again. Shoppers today are aware that technology violations occur and are outside of a company's control, 'and not necessarily that Victoria's Secret or Marks & Spencer has betrayed their trust in any way,' Pellerano-Rendón said.
Still, retailers need to tell customers whose personal information may have been compromised exactly which steps they've taken to protect their data down the line.
'It really comes down to making sure you're communicating … and having that plan in place to quickly bounce back,' Beckner said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
New York Post
28 minutes ago
- New York Post
Why NYC's most exclusive social clubs are hot with investors
Not since the 19th century have New Yorkers been so keen on clubs. Suddenly, everybody who is anybody has joined up with a schmoozy society outlet catering to seemingly every interest and income bracket — from Casa Cipriani for the social set, to the Leash Club for canine parents. Even the old guard along West 44th Street, aka Club Row, as well as other yesteryear organizations like the National Arts Club, Lotos Club and University Club, are attracting fresh faces anew. 'I'm a wonderful guest at most of the city's clubs, but I tend to be drawn to the old-school clubs of New York where you are stepping back in time,' said residential broker Mike Fabbri of the Agency, who lives in Gramercy Park and is joining the nearby National Arts Club. 'After COVID, there's been a resurgence of people wanting to belong and have a community.' 5 Even heritage haunts like the National Arts Clubs are booming. Getty Images for The National Arts Club But it's not just a spirit of bonhomie or overcrowded restaurants that are driving New Yorkers into exclusive sets — it's smart money. Unlike a typical restaurant, bar or gathering space, a membership model allows founders and operators to avoid taxes. That's because social clubs are considered nonprofits, where the Benjamins remain in the club's pockets and fund member benefits. As long as earnings aren't used to the private benefit of any particular person, a club is in the clear per the IRS. Better still, 35% of a social club's revenue can even come from non-member sources, including investment income. But taxes must be paid on up to 15% of the income from non-members who are not a guest of members — i.e. public walk-ins. And there's absolutely nothing on this earth that real estate investors love more than saving on taxes. Financier John Paulson, who recently purchased the storied Princeton Club's defaulted mortgage, told Page Six he may turn it into a place for 'vibrant 20- and 30-year-olds' as 'their place to go.' And no wonder Jeff Klein dropped $130 million to build out the new 'it' club, the San Vicente West Village in the Jane Hotel. 5 The new San Vicente West Village club cost $130 million. Helayne Seidman Initiation costs a reported $3,200 to $15,000 with annual dues of $1,800 to $4,200 depending on age. 'We've gotten a lot of inquiries from social clubs for properties we represent,' said Lee Block of RTL (previously Winick). 'There's a lot of activity for that in the city.' London's celebrity haunt Anabelle's opened in 1963 and has had several iterations. But the founder's son, Robin Brierly, has now collaborated with stateside owners the Reuben Brothers on Maxime's, which opened in March in the former Westbury Hotel at 848 Madison Ave. The Twenty Two, another London-based club, opened late last year in the Reuben Brothers' 16 E. 16th St. in the Flatiron District by Union Square and includes a public restaurant and hotel along with the private club and rooftop nightclubs. Meanwhile, Miami hotspot Casa Tua opened at the new Surrey hotel at 20 E. 76th St. It has an annual fee of $4,300 that rises to $7,000 if you want to visit its other locations in Aspen and Miami (after initiation fees). But the restaurant is open to non-members. 5 It costs $3,400 a year to party at Casa Tua in the Upper East Side. Olga Ginzburg for NY Post 'Casa Tua is the new hot spot,' said Lisa Simonsen, a residential broker with Brown Harris Stevens who belongs to 'a lot' of clubs. 'I join the ones that fit me and my family.' Social clubs hunting for a house have been eyeing 26 Little W. 12th St. in the Meatpacking District, brokers said. 'There's a lot of action on it from various member clubs looking to expand here or coming here from overseas,' said Jared Epstein of Aurora Capital Associates. 'It makes a lot of sense because it looks over the Hudson River.' 5 Thank city real estate players who see private clubs like Jean-Georges Vongerichten's Chez Margaux as surefire assets with guaranteed revenue. WWD via Getty Images Nearby, Jean-Georges Vongerichten turned his former Spice Market restaurant at 403 W. 13th St. into the elegant Chez Margaux dining club. Fees range from $1,800 to $2,600 annually, depending on age, with an initiation of $1,000 to $2,000. Chez Margaux is not far from where the now publicly traded global Soho House and its celebrity-packed rooftop heated pool became the club du jour when it opened in 2003 at 29-35 Ninth Ave. Fittingly, Vongerichten's partner in the club is developer Michael Cayre of Midtown Equities who bought Soho House from Ron Burkle in 2012. He's also a partner in the luxurious redevelopment of the Lower Manhattan Battery Maritime Building into the private and successful Casa Cipriani. 'If you travel a lot, Soho House has sites globally but it went public and doesn't feel as exclusive and culturally relevant anymore and has lost its luster,' opined Brandon Charnas, a commercial broker with Current Real Estate Advisors. 5 Zero Bond helped prove the club business model to investors. dzobel Charnas rebranded and leased Zero Bond and then helped prominent night club founder Scott Sartiano launch the club during COVID in 2020. Zero Bond's 'no photos' policy helped it become a celebrity haunt for Taylor Swift and Leonardo DiCaprio. Elon Musk threw a party here in 2021, the same year frequent late-night Zero Bond flier, Mayor Eric Adams, held his Election Day night victory party and hosted folks in a VIP room unlocked with a fingerprint scanner. Midtown building owner Craig Deitelzweig of Marx Realty is currently negotiating leases with two different social clubs for his office properties in New York and DC. 'Our buildings have a social club kind of feel and there is a natural gravitation to them by the clubs that adds to the cache of the building,' Deitelzweig said. 'The clubs like buildings that have some heritage and a cool vibe.' 'Being in a real members club is like belonging to a community — it's not selling immediate access but selling relationships.' Brandon Charnas, commercial broker with Current Real Estate Advisors Each of the clubs will have their own restaurant, Deitelzweig said, while the DC club will allow all tenants to use their terrace. 'People love them in the post-COVID world because they want to be social and form their own networks,' he said. Most building owners believe social clubs are a 'solid amenity,' explained Robert Gilman, a CPA with the accounting firm Anchin. For instance, at Hudson Yards, Gilman says ZZ's Club has been 'a standout.' Operated by Major Food Group, in 37 Hudson Yards, its moniker comes from founder Jeff Zalaznick's nickname. It includes a Japanese restaurant, a cigar terrace, a lounge with music programming and has a private location for its restaurant Carbone. The website shows $20,000 for initiation and $10,000 in annual fees. Developer Rabina's hot new residential and office tower in Midtown at 520 Fifth Ave. will also open a five-story social club, Moss, that will have a sauna, a cold plunge pool and a hammam plus spaces for podcasting, dining and events. But the sheer number of new clubs has some in the biz worried. Charnas warns members clubs are swelling into a 'dotcom bubble.' 'Everyone is launching them,' Charnas said. 'Not all of them will survive. They are getting their upfront dues while restaurants are calling themselves 'member clubs.' Being in a real members club is like belonging to a community — it's not selling immediate access but selling relationships.'
Yahoo
31 minutes ago
- Yahoo
Mother of 5-year-old girl killed in Franklin crash by accused drunk driver has also died, DA says
A vigil is planned for the mother of a 5-year-old girl killed in a crash by an accused drunk driver in Franklin over Memorial Day weekend who has also died. Minaben Patel, 38, of Franklin, has died days after the May 24 crash that killed her daughter, Krisha Patel, 5, according to the district attorney and a Facebook post by the SAFE Coalition on Tuesday afternoon. 'The Norfolk District Attorney's Office and the Franklin Police Department are saddened by the loss to Minaben's family and we extend our heartfelt condolences,' Norfolk District Attorney Michael Morrissey and Franklin Police Chief Thomas Lynch said in a statement Tuesday. A vigil for Minaben Patel is planned for 6 p.m. Thursday at the crash site on Grove Street in Franklin, The SAFE Coalition, a Franklin-based nonprofit group, said in its Facebook post. Another vigil was held for her daughter, Krisha Patel, at the site last Wednesday. 'We would like to share, through the families wishes, that Minaben Patel, mother of sweet Krisha, has passed away,' the SAFE Coalition said in its post. 'Minaben's family is again deeply thankful for all the love and support shared over the last week,' the group said. 'They invite the community to honor this amazing Mother, Wife, Family Member and friend this Thursday for a service of remembrance.' The driver accused in the fatal crash, James Blanchard, 21, of Franklin, was ordered held on $250,000 cash bail following his arraignment on May 27. A not guilty plea was entered on Blanchard's behalf. He is charged with motor vehicle homicide while driving negligently and under the influence of alcohol, three counts of driving under the influence of alcohol and causing serious bodily injury, negligent driving, driving a motor vehicle with an open container of alcohol, and marked lanes violation, according to Norfolk District Attorney Michael Morrissey. It was immediately unclear Tuesday if Blanchard would face additional charges in the case. Boston 25 has reached out to Morrissey's office for comment. During his arraignment, prosecutor Christopher Meade said Blanchard told police he had two beers while at a landscaping job on Saturday, May 24 after working that morning at his job as a mechanic. When he left his landscaping job, he opened a 1.75 liter bottle of Tito's vodka. He began drinking straight out of the bottle and drove home in his truck, Meade said during the arraignment in Wrentham District Court. Investigators later found a second, empty 1.75 liter bottle of Tito's in his truck that Blanchard told police was 'from the night before,' Meade said. While driving home around 6:22 p.m. Saturday, May 24, Blanchard crashed into a Honda Accord carrying a family of four on Grove Street in Franklin, Meade said. They were going to Blackstone for a family birthday party. The 5-year-old girl died following the crash, Meade said. Her mother and brother were taken to a local hospital in critical condition. The brother's condition was not known on Tuesday. Her father, the driver of the Honda, was treated and released. Defense attorney Timothy Flaherty had asked the court during Blanchard's arraignment to impose a lesser amount of $10,000 cash bail, with conditions for his release to include electronic monitoring and that he enter an alcohol rehabilitation center. 'It's probably the right place for this young man at this time,' Flaherty said during the arraignment. 'It's a significant case but significant penalties. But I can tell the court that this young man is not a risk of flight.' An autopsy will be performed to determine a cause of Minaben Patel's death, the district attorney said. Meanwhile, services were held for Krisha Patel on May 31, according to the girl's obituary. 'Our hearts are broken as we say goodbye to such a precious little soul. In her short time with us, she filled the world with laughter, wonder, and love,' her obituary states. 'Her smile could brighten the darkest day, and her kind heart touched everyone she met.' 'Though her time here was far too brief, her spirit will forever live on in the hearts of all who loved her,' her obituary states. 'We will carry her memory with us always - like a beautiful, shining star in the sky. May she rest peacefully, wrapped in love and light.' The crash remains under investigation by Franklin Police, the Norfolk District Attorney's Office and the Massachusetts State Police Collision Analysis and Reconstruction Section. This is a developing story. Check back for updates as more information becomes available. Download the FREE Boston 25 News app for breaking news alerts. Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW
Yahoo
31 minutes ago
- Yahoo
Arizona Man Kills Mountain Lion to Protect Pet Dog from Animal Attack
A man shot and killed a mountain lion after the big cat attacked his dog The dog and its owner were out for a walk at night in Buckeye, Arizona, when the mountain lion aggressively approached them The dog sustained no serious injuries in the encounter with the wild animalA man and his dog are safe after a dangerous encounter with a mountain lion. On May 25, around 10 p.m., in Buckeye — about 30 miles west of Phoenix, Arizona — the man was walking his dog in a residential area called Verrado when a mountain lion approached the pair and attacked them, the Arizona Game and Fish Department told PEOPLE in a statement. The "brief altercation" did not result in serious injuries for the canine, with the man successfully "kicking the lion off his dog," the department's statement read. Yet, the altercation didn't deter the predator, because the mountain lion doubled back, per the statement, following the man and dog as they returned home. The mountain lion approached the duo again, but this time, the man fatally shot the big cat. The killing was an act of self-defense, the statement read. The state's wildlife management agency picked up and transported the dead mountain lion without further incident. Mountain lion and human encounters are rare, but the spread of urban and suburban sprawl is leading to increased run-ins as the big cats lose their natural habitat. The University of Arizona estimated that roughly 2,500 to 3,000 wild mountain lions are living in the state. "If you encounter a lion, do not run. Face the lion and slowly back away, leaving an escape route, " the university said in a statement, per The Island Packet. "You should also try to appear larger by raising your arms over your head. You may also throw rocks and sticks as long as you can avoid crouching down." Never miss a story — sign up for to stay up-to-date on the best of what PEOPLE has to offer, from celebrity news to compelling human interest stories. Another dog owner recently went to extreme lengths to protect her pup. Kim Spencer of Tampa, Florida, was on an evening walk with her dog Kona when an alligator emerged from a lake nearby with its sights set on the pet. While the alligator got Kona's head in its jaws, Spencer mobilized and jumped on the back of the gator, effectively wrangling the reptile. "I stopped thinking and just dove on it, jumped on it and straddled it, as lady-like as that is, and was trying to pry its jaws open," she said. Kona survived the attack thanks to Spencer, leaving the altercation with several deep bite wounds that required stitches. Read the original article on People
