On Phygital’s Black Friday, security will be proportional to the willingness to test
Before the pandemic, experts such as Gartner predicted that by 2023 e-commerce would no longer be a differentiator in retail sales, and this was by no means considered a loss of importance for this sales channel. Quite the opposite. The projection indicated that online shopping would be so deeply rooted in consumer behavior that no one could afford not to offer this alternative without, obviously, giving up the traditional physical environments where customers try and sample products.
Coincidentally, the health crisis accelerated this projection and reinforced the need for companies to work in a format dubbed Phygital, that is, a model that treats physical and digital business as equally important.
In this way, this year’s Black Friday can be considered the first in which the challenge of providing transaction security will have to be faced and overcome in both environments.
In Gartner’s own words, since e-commerce is no longer a differentiator, robust execution of a unified commerce strategy is fast becoming the foundation for competitive advantage in modern retail.
On the other hand, this year’s World Economic Forum “Risk Report” highlights that global leaders have identified cyber risk as a major challenge, with 64% of respondents expecting to experience a disruptive event in the next year.
When this scenario is analyzed from the point of view of what was required to meet Phygital demands, the prospects are terrifying. After all, the increasing use of technologies such as APIs, IoT applications, open source code, public, private and hybrid cloud applications, complex digital supply chains, social media and other innovations brought about by digital transformation has caused an unprecedented level of exposure of the corporate IT structure.
Not coincidentally, the red alert was raised last year when a ransomware attack was reported every 11 seconds. The Veeam Data Protection Trends Report 2022 survey of 3,000 IT decision makers from 28 countries found that 76% of companies experienced at least one ransomware attack in the past 12 months and that 36% of their information was permanently lost in each of these attacks. There are projections that this type of fraud will continue to grow exponentially until it reaches one case every two seconds in 2031.
Of course, the nature of a mega-promotion pushes companies to focus their attention entirely on the commercial end of the Black Friday operation and to worry about answering questions like: How much discount will be offered on which products? Which advertising strategy is most effective for reaching the desired customer? How can delivery logistics costs be reduced?
But all this can result in wasted effort if there is a serious security breach that allows a large amount of data to be leaked, for example. Just to give you an idea, according to an IBM study, in 2022 the cost of a data breach hit an all-time high, reaching an average value of $4.35 million. This figure represents a 2.6% increase over the previous year, when the average cost of a data breach was $4.24 million. The average cost was up 12.7% from $3.86 million in the 2020 report.
Since it is certain that the flow of customers will increase in the days of Black Friday, and since it is impossible to limit the ways of accessing sensitive environments, companies have no option but to give data protection issues the same attention as sales campaigns, or even more.
Ultimately, it comes down to prevention, the first and fundamental step of which is to conduct a complete audit of the code and the entire security architecture. It is necessary to be absolutely sure that the attributes of availability, reliability and integrity are protected.
Another essential preparation is the creation of a recovery plan that can be quickly put into practice in the event of an intrusion.
Once these two pillars are in place, the work begins.
And it does not consist of following any pre-established recipe. Considering the dynamics of user interactions across multiple channels and platforms in the Phygital environment, it is up to those responsible for security to implement a testing schedule across all structures to try to find loopholes before fraudsters do.
All this looks very complex and time-consuming, but there is still time. And the sooner the process starts, the better your chances of staying on the profitable side of Black Friday.
* Gustavo Duani is CISO and head of cyber security at Sencinet