Cybersecurity
Understanding the Cyber Threat to Retailers
Thomas Cartlidge, Head of Threat Intelligence at Six Degrees, explores the necessary steps retail businesses should be taking to ensure they mitigate the risk of a data breach, which could result in financial, operational and reputational damage.
W
ith many retailers pivoting to online sales and contactless payments over the past 18 months, hackers have increased their focus on the sector in the hope of
stealing valuable customer data, including credit card information. What is the cyber threat to retailers, and how can retail businesses protect themselves from cyber-attack? Retail is one of the most targeted sectors for cyber-attacks in 2021. Te coronavirus pandemic has forced retailers to adapt to survive, regardless of their size. While smaller retailers have moved to card payments and online operations, larger retailers have focused on harnessing big data to achieve efficiencies and maximise profit margins. Tis has introduced new threat vectors as retailers’ attack
surfaces have expanded, and these threat vectors are being exploited by hackers keen to steal money and confidential financial information. Data is the new currency for hackers, who focus not just on money and goods but also customers’ personal data that can be stolen and sold online. And with high staff turnover and seasonal workers, retailers face threats from not just hackers, but also insider threats. In such a turbulent operating environment, retailers must take
the necessary steps to ensure they mitigate the risk of data breach resulting in financial, operational and reputational damage. In this article we will explore the cyber threat to retailers: who is attacking retailers, why, and how?
Who is Attacking Retailers, and Why? Given the valuable credit card data and Personally Identifiable Information (PII) they hold, along with the potential immaturity
22 | December/January 2022
of their cyber security postures, retailers face a number of cyber threat actors on a daily basis. Here are two of the key types of attacker targeting retailers.
Hackers Like all industries, retailers face a constant threat from hackers. 99 times out of 100, hackers are motivated by financial gain, and they target retailers both remotely and at their operating locations, such as stores and warehouses. Hackers oſten target point-of-sale (POS) systems, installing
malware that steals credit card information when the POS system is used. Tey will also target ecommerce websites and the databases that sit behind them, searching for weaknesses they can exploit to steal personal data that can then be sold on the black market. Hackers have seen success targeting some extremely high-profile
victims in the retail sector over the years. In 2014, ecommerce giant eBay suffered a massive data breach that exposed the details of 145 million users. Hackers stole the credentials of three employees, and then spent several months harvesting the data undetected.
Employees Given their relatively high staff turnover and use of seasonal workers, retailers also face a threat from employees. Members of staff who attack retailers are oſten disgruntled, but more oſten than not their motivation is the same as that of hackers – financial gain. Employees will tend to use less sophisticated attack methods to target retailers. Oſten their methods are as simple as stealing
www.pcr-online.biz
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68
