Search

Cyber security threats that food delivery companies face and how to prevent them



Current demand on food delivery service

If we pay attention to the living conditions we have adapted to in the last two years, we can see that a phrase such as "before and after the pandemic" has emerged in our lives. In short, while we lost a lot during this period of change, the world of technology introduced us to new trends, reducing our deprivation to zero. From this perspective, the pandemic can also be seen as a right set of circumstances for many startups to gain a foothold in the market. For example, food delivery companies. Yes, our acquaintance with this trend goes back to the 90s of the last century, but many of us have become friends with it over the past 2 years. The reason was the closure of restaurants due to the social isolation required due to the pandemic.


The online food delivery sector, having evaluated at $84.6 billion in the global market in 2018, grew 27% in a year and reached $107 billion in 2019. The $111 billion market value that was recorded last year is clear evidence of being accustomed to this standard of living. It is predicted that by 2024, the number of consumers using online food delivery services will reach 970 million. Companies like Meituan, Uber Eats, Delivery Hero, DoorDash, Grubhub should always think of the risk factors, especially the risks of cyber threats.


Azerbaijan is also on the list of countries entering a new stage in the development of this service sector during the pandemic. Along with foreign companies such as Wolt, Hungry, Bolt food, local companies like Fonibo also operates in the food delivery market. These companies face cyber threats from time to time.This situation has negatively impacted not only food delivery companies, but also customers.

Why are hackers targeting food delivery companies?

DoorDash, a food delivery company operating in the US and Canadian markets, announced in May 2019 that the company had been hacked and that the data of about 5 million users had been stolen. In March 2020, the German delivery service Takeaway.com, which operates with more than 15,000 restaurants, was hit by a DDoS attack. Using this tool, the attackers temporarily blocked the company's Internet connection and made the online service unavailable to users. In return, they demanded two bitcoins worth $11,000. In October of the same year, Chowbus, serving hundreds of thousands of customers in Australia, Canada and the United States, was attacked by hackers. Another example: in May of this year, a group of hackers gained access to the data of 6 million Glove customers, including the data of couriers and other employees. The leaked information included the names, phone numbers, passwords, and payment systems of the victims.


As you can see from these examples, the development of this sector not only provides consumers with comfortable food, but also becomes a convenient source of income for cybercriminals. The fact that customers for credit and debit card information are easily available to hackers through food delivery companies or restaurant chains is the main reason this area is attractive to hackers. Consumers can customize this with multi-factor authentication, encryption of sensitive data, and regular website and mobile app vulnerability checks.


What kind of cyberattacks can the companies that provide this type of service face?

Malware is one of the first methods that hackers use to attack food delivery companies. They find a weak spot in the network to place malware on the company's POS system. The program then records every operation performed on the system and sends it to the attacker's server over the Internet. Here, the company should consider the security of the company's POS system and the protection of user data available on the website, including mobile applications. Otherwise, users' trust in the company may decrease. This can lead to the loss of customer confidence and, as a result, to the loss of the company's reputation in the local and global markets.


The next cyber threat that companies operating in this service sector can face is phishing attacks. In such attacks, cybercriminals incite employees to exchange network logon data or other confidential information. In this scenario, attackers send links through phishing emails that allow employees to gain access to malicious sites.


Measures that can prevent cyberattacks.

Cybersecurity experts recommend several ways to reduce the risk of any data leakage in this service sector, including personal data.

The first is the creation of safe areas. Protecting critical control points is another way to prevent impending hazards. Monitoring system implementation in order to detect incidents at an early stage, improve their management and protect personal data in accordance with international standards, such as GDPR, PCI-DSS, can often narrow the opportunities for cybercriminals.