The growth of online stores, the rise of smart factories and the focus on 24/7 customer support have reshaped fashion. In 2021, 43% of customers who had never bought clothing online before began doing so. But as the industry embraces the positive aspects of the digital wave, is it doing enough to protect itself from cybercrime?
Where other industries have evolved and adapted their cybersecurity to keep pace with world events, fashion could be at risk of turning a blind eye to its exposure to digital threats, and under-investing in guarding itself against them.
Growing challenges in cybercrime
Through 2021, businesses across all industries suffered over 50% more cyberattack attempts every week. And, although the pandemic pushed large numbers of consumers and corporations online, this is by no means a COVID-era problem; attack frequency was on the rise well before the first lockdowns.
But the problem is not just the rate of attacks. Cybercriminals are becoming more sophisticated as well, evolving their techniques to stay one step ahead of corporate protection.
The outcome? Companies that aren’t constantly refining their cybersecurity are falling further and further behind with every passing day.
What does fashion have to protect?
Fashion is a business built on brand, and intellectual property is one of the industry’s most closely-guarded assets – making it also one of its foremost targets.
“Legislators and industry leaders have been debating whether or not legal protections can be placed on fashion designs in order to conserve their authenticity,” says Zahra Fatina, writing for Volta Magazine. “This discussion, primarily, revolves around the protection of the well-established fashion industry, while also shedding light on the impacts of product regulation on the economic growth of a company.”
Direct to consumer brands and retailers also hold a great deal of their customers’ personal data on file – not just financially speaking, but increasingly covering a wide spectrum of datapoints, including purchase history, buying patterns, body scans and sizing information, and much more
If that personal customer information is stolen, the results of having it enter the public domain can be catastrophic for the individual, and is likely to undermine their confidence in dealing with the brand or retailer in future. It’s little wonder that 60% of small businesses that suffer a cyberattack will be closed six months later, even if we only take the loss of consumer confidence into account. If we add in the risk of intellectual property being compromised, and brand value diluted, then the risks become much clearer – especially for smaller organisations that do not have the cash reserves to pursue legal recourse against counterfeiting. Businesses of this size are, in fact, a primary target and analysis suggests that more funds need to be injected to safeguard SMEs from future vulnerabilities.
From a consumer point of view, the EU GDPR directive also adds an additional layer of importance to data protection, forcing companies to take broader steps to guard critical personal information and to declare compliance.
The fashion industry also faces a number of specific challenges that are fairly unique to the sector. Which means that off-the-shelf cybersecurity solutions will not measure up.
One of the fastest-growing areas of fashion is limited edition products:big brands create a small batch of new products, and these create extremely high demand. An unintended consequence of this is the extremely lucrative resale value of popular products. If resellers can get their hands on these high-demand but scarce items, they can sell them on for a huge profit.
This in turn has created a unique cybersecurity challenge. It is typically the case that existing, long-term customers receive priority when it comes to getting access to these limited edition products. Resellers, then, can benefit enormously from having access to a large number of older accounts – allowing them to effectively jump the queue through manual targeting, or to capture significant shares of product drops through the use of bots
The criminal here wants to gain access to accounts but wants to use them ‘legitimately’. Nothing is stolen from the account user (apart from their credentials) and nothing is stolen from the company – items are legitimately bought and paid for. This makes this kind of cybercrime much harder to uncover, and while analogues exist in consumer electronics especially, the fashion industry has been keen to adopt a model of frequent, scarce product drops, making this an especially pressing problem.
The fashion industry is also vulnerable to attack as there are a number of attack vectors that criminals can use to breach their system. As well as the back end system a website that needs constant monitoring and proactive cybersecurity, fashion businesses can be breached via collaboration tools with suppliers and even IoT devices in stores.
One extremely common mistake made by fashion businesses is that they will put their cybersecurity measures in place, and then assume that they can simply be left alone. Although not limited to this industry, the idea that cybersecurity is something that you can set and forget is hugely problematic when we consider the constant evolution of cybercriminals and the sheer number of attack vectors – including eCommerce backends, supplier collaboration tools, and even IoT devices in stores – that create fashion’s exposure surface
Against this background, brands, retailers, and their suppliers should be conducting regular tests and running attack scenarios to stay ahead of the curve.
“A pen test is a form of ethical cyber security assessment conducted to identify, safely exploit and help eliminate vulnerabilities found on a site,” explains Jed Kafetz, Head of Penetration Testing at cybersecurity specialists Redscan. “It is recommended that all organisations commission security testing at least once per year, with additional assessments following significant changes to infrastructure, as well as prior to product launches, mergers or acquisitions.”
As we know, fashion’s digital infrastructure is constantly evolving, and product launches occur on an increasingly frequent and seasonless basis, creating a clear mandate for constantly-evolving and constantly-evaluated cybersecurity policies and solutions.
A question of reputation
Some fashion businesses are put off the idea of investing in cybersecurity because they think of it as an unnecessary expense. Yes, of course it can be expensive to put cybersecurity measures in place. However, if you suffer a cyberattack, it is going to be far more expensive to overcome the challenges you face in dealing with it.
Some of this cost will be attributed to issues such as site downtime and the expense of having specialists deal with the vulnerability. But also there is sometimes overlooked cost of reputational damage.
“Just take a look at some of the major data breaches over the last three to five years,” says James Trainor, former FBI Assistant Director of the Cyber Division in Washington DC “not only do companies suffer significant financial losses to remediate those events such as regulatory fines and liability expenses, but companies also suffer reputational brand harm that could impact their stock value and their ongoing ability to keep and attract customers.”
If customers no longer trust you, then won’t buy from you. And losing this trust in your consumers can ruin customer relationships that have been built up over a long time.
The race for talent
There is, right now,a shortage of workers with appropriate cybersecurity skills making it far more expensive to hire in the professionals needed for an in-house security team. Outsourcing remains an option, and can cut costs, but contractors are also in high demand.
Whatever approach a particular organisation takes to bringing on board the talent needed – and the technology to support them – it’s becoming clear that the fashion industry, especially in light of its ongoing digital transformation, needs to do more to tighten its belt on cybersecurity.