If not before, when the President of the United States lobbed Twitter attacks against Nordstrom for merchandising decisions related to his daughter’s fashion line, it became clear: it’s getting extremely difficult for retailers to avoid being swept into the polarized political climate. (Now Ivanka Trump has opened her own store in Trump Tower.)
In another example, L.L. Bean became subject of a boycott in January simply because Linda Bean, a granddaughter of the outdoors retailer’s founder, had given money to President Trump’s campaign. Under Armour faced a backlash—fueled by its own celebrity spokespeople—because of a few words of praise for the President by the company’s CEO.
Some retailers aren’t waiting to be drawn into the fray. These retailers fully embrace a point of view and social causes and may cultivate more loyal customers—but also may generate ire as a result. For example, MAC Cosmetics, owned by Estée Lauder, diverts a percentage of profits from certain makeup lines to the MAC Cosmetics Transgender Initiative. A spring 2017 campaign for Dove, owned by Unilever, promoted LGBT acceptance and inclusivity.
Risk. Today’s divisive political and social climate creates security risks for retailers. Picking sides on hot button issues—or even appearing to pick sides—makes retailers more likely targets of protest groups and, in particular, “hacktivists.”
Those opposed to a particular company’s policies or practices traditionally arm themselves with placards and pithy slogans in an effort to effect change. While physical protests haven’t gone away, today’s activists have other—and more dangerous—avenues for hitting their targets.
From the comfort of their homes, individuals can participate in politically motivated cyber attacks, which are particularly difficult to defend against because they only aim to cause headaches and embarrassment. The ease of executing hacktivist attacks allows them to quickly jump on any perceived misstep by a company.
Hacktivism is growing across all targets, data suggest. For example, the Multi-State Information Sharing and Analysis Center says that hacktivist incidents involving state and local governments more than doubled in 2016 compared to 2015. Hacktivism will continue to grow, according to Tom Kellermann, CEO of Strategic Cyber Ventures, in an interview with Tech News World. He said that political disillusionment is making Americans more inclined towards hacktivism.
Although participating in these attacks is illegal, the line can seem vague in the cyber world—so it’s easy for activists to ignore it. Activists who refrain from taking violent physical action against a company may willingly participate in mass cyber actions because they don’t expect to be singled out. There is also less awareness of the laws governing cyber attacks, further limiting inhibitors to destructive protests delivered online.
The most common targets of cyber protests or hacktivists are organizations that have traditionally faced physical protests, typically for some perceived unfair treatment—of the environment, workers, animals—or those with political stances that others find objectionable. But whereas activists in the past needed a critical mass of opposition to pose a real threat or cause a public relations stir, a handful of today’s cyber protesters can do the same. A few individuals can send a loud message by defacing a company’s website, for example.
Social networking exacerbates the risk and can be exploited to quickly multiply the force hacktivists can bring to bear. Some companies have been surprised to be hit by hacktivists—having assumed they were not large enough or did not have a sufficiently high profile to be targets, according to experts at Damballa, a network security firm.
Because the ability to coalesce like-minded individuals has become simple, there has been an explosion in the creation of groups that cater to all ends of the social ideological spectrum—many of which focus on a very narrow subject area or cause, notes the firm. This is greatly expanding the number of retail organizations that may find themselves the target of hacktivists and increases the spectrum of issues for which a retailer may be targeted. No issue today seems too trivial to attract at least a small group of people who are willing to actively engage in its support or opposition. For example, local activists may target a corporation because a single chain store is coming to their town.
In addition to giving opponents of corporate practices newfound power, cyber protests are difficult for companies to defend against because hacktivists have no real end game—such as theft of personal data or trade secrets—on which companies can focus their defense. As a result, hacktivists can use a broader array of attacks, and companies are more easily victimized.
Response. Retailers should review their readiness to respond on a technical level to the tactics embraced by hacktivists: website defacement, DDoS attacks, spam/email campaigns, and perhaps tactics that exploit common vulnerabilities, such as cross-site scripting. Kellermann warned that hacktivist attacks in 2017 are likely to be more destructive than in the past. For example, he predicts that ransomware will soon be used to encrypt data solely to deny access to that data, not to collect a ransom. Malicious software delivering “wiper” payloads, which destroy data, also will increase.
In addition to technical safeguards, the rise in hacktivism suggests that a retailer’s corporate data security team may need to enhance proactive monitoring of what is being said about the company online. A monitoring strategy that keeps tabs on what is being said on blogs and in social networks can help identify the extent to which a retailer may become the target of politically motivated cyber vandalism. If warranted, a retail organization may choose to infiltrate online groups in an effort to be aware of risks and to disrupt activities.
Finally, a security plan needs to recognize the risk that some employees may choose to participate in cyber protests using their work computers. Retail employees can take an active role in ongoing cyber protests by installing the tools needed for launching an attack.
This post was originally published in 2017 and was updated December 20, 2017.