Dive Brief:
- DSW's e-commerce site lost access to store inventories when a software vendor suffered a ransomware attack during the last two weeks of Q3, Roger Rawlins, CEO of the retailer's parent company Designer Brands, said on a Wednesday earnings call.
- "We effectively lost a portion of our digital sales capabilities for two weeks during our crucial September selling season," Rawlins said. The roughly 13 million units in stores were not visible to customers on the DSW website when the vendor was forced to temporarily shut down.
- The shutdown brought DSW's available visible assortment from 13 million units to roughly 1.3 million — disrupting the chain's ability to balance inventory between stores and warehouses. DSW has been shipping e-commerce orders from stores throughout the pandemic.
Dive Insight:
The impact of cyberattacks on retailers and their vendors is even greater during this digital-first period brought on by the coronavirus pandemic.
Designer Brands' digital sales have been up double digits year over year throughout 2020. But in October, U.S. digital sales were down 22% YoY, bringing company-wide digital growth for the quarter to just 3% YoY.
Any kind of software interruption to inventory management functions can wreak havoc with order fulfillment — eventually impacting sales.
The shift to digital shopping has made the retail ecosystem a particularly ripe target for cyberattacks this holiday season, Curtis Simpson, CISO at Armis, told Cybersecurity Dive last week when media reports surfaced alleging Kmart had been similarly attacked. The Kmart attack, however, was an internal problem, affecting mainly human resources functions.
In October, The National Security Agency and the Cybersecurity and Infrastructure Security Agency warned cyberattacks against critical operational technologies and infrastructures within supply chains have been on the rise during the COVID-19 pandemic.
Designer Brands' experience shows that retailers need to be vigilant regarding their own cybersecurity protections but also those of their vendors. Rawlins did not name the software vendor that suffered the ransomware attack.
Thorough and frequent security audits can hedge against this growing risk, according to Marty Edwards, VP of operational technology security at Tenable.