The COVID-19 Effect: A Surge in Online Retail AND Cyber Attacks

The COVID-19 pandemic was not a one-time, over-and-done traumatic experience. It continues to be a tumultuous, stressful period impacting our personal and professional lives. E-commerce businesses were particularly affected. On the one hand, the pandemic caused a significant surge in online retail, with global digital sales in 2020 growing by a whopping 24.1%. On the other hand, it also caused a surge in cyber attacks. By November 2020, cyber attacks targeting online retailers had already reached record levels, and cyber crime overall experienced a 300% jump since the start of the pandemic. 

Indeed, cyber-attacks are the fastest growing crime in the US, and expert predictions suggest that damage caused by cyber crime will reach US $6 trillion by 2021.  But none of this should come as a surprise.  After all, most cyber criminals ‘follow the money’.  

Major COVID-19-enabled cyber attacks

Possibly one of the most damaging attacks of 2020 was the supply chain attack on technology monitoring service, SolarWinds. In this attack, malicious code was implanted in SolarWinds’ software that gave bad actors unauthorized access to customers in the SolarWinds supply chain. Although the attack is still under investigation, containment and repair costs will probably reach upwards of US $100 billion. 

And let’s not forget the phishing attack on Twitter, which compromised highly regarded Twitter handles, such as Bill Gates, Elon Musk, and Jeff Bezos. In this attack, cyber criminals fraudulently tweeted the followers of the compromised accounts and requested Bitcoin, promising to double their return. The security breach suffered by the Marriott hotel chain was another high-profile attack of 2020. According to the well-known chain, cyber criminals fraudulently accessed the personal details of over 5 million hotel guests. 

Not just large enterprises

But it’s not just large enterprises that cyber criminals are targeting; 43% of cyber attacks target small businesses. Consider PATCO Construction, which lost half a million dollars in a Trojan cyber attack that gave hackers unauthorized access to the company’s banking information. Wright Hotels is another victim. The real estate investment and development firm had $1 million stolen from it after a cyber criminal launched a successful phishing attack.

Small business contractor, Miracle Systems, is yet another recent victim of cyber crime. The company, which provides IT and engineering services to various federal agencies, incurred $500,000 to $1 million in damages due to an internal server breach. As a result of the attack, Miracle’s data and their clients’ data were openly advertised for sale by hackers on cybercrime forums. 

And they’re not always financially motivated

While most cyber attacks are motivated for financial reasons, sometimes the motivation is political. The recent escalation of cyber attacks against numerous Israeli companies is a good case in point. Not only do these attacks demonstrate how the rise in e-commerce spurred an increase in cyber attacks, but they also demonstrate how some attacks can be politically motivated. In May 2021, Iranian hackers, identified as N3twOrm, targeted H&M Israel and threatened to publish 110 GB of customer data unless H&M agreed to meet their demands.

Several other Israeli companies were targeted by cyber attackers as well. Veritas Logistics, for example, was hit with ransomware in an attack demanding three bitcoin ($170,000) in ransom. These attacks were not the first time N3twOrm targeted Israeli companies with cyber attacks either. N3twOrm is likely responsible for attacks last year on several of Israel’s most prominent companies, such as Shirbit, and El Al.  Israeli cybersecurity experts believe that all the attacks were politically motivated.

Securing your online presence

Cyber attacks are expected to cause a staggering $8.1 billion in losses each year and according to a recent Ponemon study, the average total cost of a data breach on an online retailer costs over $2 million. Alarming statistics such as these are wake-up calls to online retailers who haven’t implemented cybersecurity safeguards.

Retailers need to increase employee awareness, verify the cybersecurity preparedness of their supply chain, ensure secure payment processes, comply with data privacy regulations, and enforce strict password hygiene. They should also be using a powerful antivirus solution, such as RAV Endpoint Protection, that will protect them against the biggest security threats to e-commerce sites such as phishing, ransomware, malware, and spyware.

Keeping pace with COVID-19-induced changes

The COVID-19 pandemic’s impact on our personal lives, communities, and businesses has been epochal. Small online retail businesses were particularly affected by cyber criminals who exploited the sudden growth in e-commerce sites that didn’t have proper cybersecurity measures in place.

The shift to a digital environment, accelerated online purchases, and escalating cyber attacks has made it more critical than ever for retailers to invest in their cybersecurity to protect their data, their employees, and their customers.