

Cybersecurity risk in retail and how to handle it

Hackers and their tactics evolve daily, but one thing remains the same: retailers are prime targets for a cyber attack. This is such a widespread issue that, according to Alert Logic’s cybersecurity report “Critical Watch Report: The State of Threat Detection 2018,” this industry topped the entire list out of eight different types of organisations (4,000 organisations in total). Given this information, along with the sheer volume of cyber attacks that occur daily, it’s vital that retailers step up their IT security game when it comes to protecting their customers’ personal information. Understanding the risks involved, along with the steps that can be taken to mitigate them, will help retailers both large and small.

The cloud conundrum

When it comes to retail, cloud adoption is a double-edged sword: on one hand a modern step forward, and on the other an infinite opportunity for malicious actors. Retail knows e-commerce is already a main target for cyber attacks because of the rich pickings of consumers’ personally identifiable information (PII) required to complete transactions. This information gets stored as data for future use or targeted marketing – we all know the story by now. When a retailer is hacked, this results in potentially millions of individuals falling victim to the hacker and having their information stored and sold on the dark web, ready to be merged with other data sets to build up useful profiles of the general public.

This isn’t just bad on a personal level for each affected customer but it will also severely damage brand reputation, sometimes irretrievably.

Web application attacks can be wicked

It doesn’t matter how large or small the company, cyber attacks have become so sophisticated at this point that no business is immune. Retail, hospitality and accommodation topped the list for most targeted industries out of the 4,000+ organisations analysed in Alert Logic’s cybersecurity report but the margins for their “victory” were slight due to attack spray-and-pray automation. Web application attacks continued to dominate across all industries with retail, hospitality and accommodation taking the top prize with a whopping 85 per cent. This represents a five per cent increase of web application attacks in retail since 2017 cementing them as the attack of choice on the public network.

Retailers running e-commerce platforms should be aware that they are more likely to suffer with older IT security features and need to augment them with security processes and review them much more often. Even the newer systems may not be fully resistant to all application attack techniques. Attackers are increasingly launching multiple automated probes against systems, searching for weaknesses that can be exploited to gain access. Access to systems serves as a point of ingress for further attacks, giving attackers a means of stealing financial information or obtaining goods without payment.

Furthermore, the public-facing nature of the retail industry means that cybercriminals can exploit the public’s general shopping trends, using them as opportunities to launch cyber attacks at particularly busy periods and co-opt retailers’ own campaigns to sneak into a user’s awareness or site browsing. This means taking advantage of popular shopping times when retailers are all attempting a sales push (Black Friday, Golden Quarter or post-Christmas January sales) - cybercriminals do exploit this increased traffic as cover for cyber attacks.

Developing and running e-commerce applications is pure economics; the security of the application is often a low priority compared to delivering a positive customer experience. This lack of attention to security measures coupled with an increase in investment by attackers means that application attacks are likely to remain a significant risk for the retail industry now and in the future.

An evolving and challenging cyber threat landscape

Cryptojacking attacks are also on the rise. This is a cyber attack in which the hacker hijacks the target’s systems to leverage their processing power, then uses it to mine cryptocurrency. Although nominally similar to ransomware, these attacks are much more dangerous because the payoff depends on not being spotted: where ransomware could be clunky and half finished and still get the job done, increased sophistication in cryptojacking pays off.

The result to businesses is slower performing websites and increasing infrastructure hosting costs, again something that is easy to overlook with the apparently infinite elastic resources in the cloud.

To mitigate this risk, retailers must look to system hardening and regular patching, as these practices make it harder for adversaries to gain access to systems and limit the ability to place cryptominers on systems. It’s also important to note that as hacker techniques become more widespread and sophisticated, organisations must have a comprehensive cybersecurity strategy in place. The impact of these data breaches can be catastrophic, especially in retail where brand reputation and loyalty are the keys to success. 

Ready, set, regulation

Retailers collect so much of their customers’ personal data that it’s critical to understand the protection methods involved in keeping that information safe and secure. It’s no secret that the retail space is rife with risk, especially since the majority of retailers now operate online and take advantage of many modern tools and technologies, including the cloud.

With record-breaking data breaches hitting the news daily, retailers both big and small must take action to ensure that their security policies are aligned not only with payment and privacy regulations, but also with their customers’ expectations. Credit and debit card information is, of course, one of the personal items that’s regularly traded online, but with the diverse set of personal data used to prove identity, all data tied to an individual is valuable.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards. PCI compliance demonstrates retailers have control over the credit card information in their possession and that they can take steps to prevent data theft and fraud. It is required by law, which means any retailer that isn’t currently in line with PCI needs to take immediate steps to do so. The penalties for non-compliance are as high as $100,000 every month or $500,000 per security incident.

There are different levels of PCI compliance, and any organisation that takes payments for goods or services on the internet, even if that actual transaction is outsourced, must go through some level of assessment.

How retailers can achieve high levels of cybersecurity

It sounds daunting and never-ending, but it is required and, depending on your requirements, can be simplified through the appropriate application of business processes and security tools and services. Maintaining a good IT security posture is an ongoing task that requires action on the retailer’s part, and it can be largely automated. A modern IT security team of cybersecurity experts will consist of threat hunters and data analysts to predict how the most valuable data could be stolen and constantly look for signs that an intruder has gained access to the network. These expert cybersecurity skills are hard to find, and expensive to hire. So, unless retailers are in the desirable position of being able to run a fully comprehensive cybersecurity system, with all the tools, technologies, threat intelligence and people that can keep customers and their data safe, they must establish priorities and best practices.

Dan Pitman, principal security architect, Alert Logic
