Javed Hasan is the CEO and Co-founder of Lineaje, a leader in software supply chain security management.
Impacting nearly 13.7% of all returned items in 2023, gift card and return frauds have become an unfortunate tradition among scam artists, but there’s a much more sinister threat looming. This year, counterfeit third-party software is causing significant scares for retailers, threatening their operations and customer trust.
This silent risk lurks in the shadows of our modern retail systems, such as vulnerabilities embedded within the software powering everything from the e-commerce platforms to the payment systems. Open-source code has become indispensable to modern retail, with the vast majority of organizations relying on open-source software to power business-critical applications. This makes the reality quite stark that nearly 7% of open-source components come from unknown or dubious origins.
Let’s analyze the dual challenge that retailers face of delivering a quality customer experience while protecting their operations and those same customers from an outside threat.
The Essential Role Of Open-Source Software In Retail
Open-source software (OSS) has transformed the jobs of software developers. Code repositories have enabled organizations to innovate rapidly and efficiently while giving developers more tools to push past roadblocks. OSS is a pillar of development, underpinning essential operations like managing inventory, personalizing customer experiences and streamlining transaction processes. By leveraging OSS, developers can scale quickly and manage shopping spikes, ensuring maximum uptime while managing millions of interactions.
Unfortunately, these benefits also come with clear and present risks. The open availability of these components means that they’re accessible to everyone, including bad actors. Unknowingly, retail developers integrate counterfeit or unverified software into their systems, introducing vulnerabilities that can lead to economic loss, operational disruptions and reputation damage. With 90% of current software using open-source components, it isn’t a question of “if” but “when” the next widespread attack will take place.
Counterfeit Software Risks: A Silent Disruptor
Counterfeit and fraudulent software have become much more common. This software is often introduced through a lack of visibility into the software supply chain. For instance, imagine bobbing for apples with a blindfold on. Although it’s somewhat easy to get an apple, deciphering if an apple is rotten or not isn’t an easy feat when blindfolded. This issue of visibility only gets more pronounced during peak seasons, when organizations must prioritize speed over scrutiny to meet their surging demand.
The consequences of counterfeit software can be unexpected and devastating, including the following impacts:
• Retail System Crashes: Malicious code or malware once embedded can cause system crashes, increasing customer frustration during peak shopping hours.
• Release Of Sensitive Personal Information: Shopping also involves a lot of sensitive information, from a person’s name and address to their credit card number.
• Risk Of Fines And Lawsuits: Retailers risk exposing this customer information, making them liable for fines and lawsuits.
• Reputational Damage And Erosion Of Trust: Headlines of downtime or compromised systems can create unfixable erosion to a brand and the trust of its customers.
The bottom line is that this can be financially ruinous for companies, especially small businesses just trying to deliver for their customers.
Actionable Steps To Protect Retail Operations
There are actionable steps to proactively safeguard systems and ensure smooth operations through peak seasons.
1. Audit your software supply chain. Use software bills of materials (SBOMs) and software composition analysis (SCA) to set up a visibility framework for all software components and their potential lineage.
2. Implement continuous monitoring. Deploy tools that monitor software behavior and changes in real time, as it’s important to detect anomalies and vulnerabilities before they escalate to something serious. Always prioritize patching known vulnerabilities, using automation where possible.
3. Adopt DevSecOps practices. Security needs to be adopted into the software development life cycle at every stage, from design to development. Teams need to be equipped with training and the tools to recognize counterfeit software and enforce best developer security operations (DevSecOps) practices.
4. Prepare for peak seasons. Retailers need to have a contingency plan in place to address potential disruptions if they do happen. The IT team should be able to act swiftly in case of an attack, ready to address disruptions and minimize downtime.
These steps aren’t just proactive—they’re an opportunity to strengthen customer trust by ensuring smooth and secure operations all year. When nearly half of organizations have experienced attacks on their supply chains, why risk it?
Counterfeit software might not be the first thing that comes to mind as a risk while you’re trying to meet customer demands. Gift card frauds and phishing attacks can be much more visible and have a long history of packing a punch on retailers. But with the changing landscape and software supply chain attacks becoming increasingly common, they must be treated as the threat they are.
By protecting their software through implementing continuous monitoring and adopting proactive security measures, retailers can help keep their businesses and brands safe. Maintaining proactive defenses can transform a hidden risk into an opportunity to build greater resilience and help ensure success for retailers and their customers.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
