Cybersecurity
confidential information from the retailer through online storage tools or USB drives. As an example of how these attacks have been launched successfully in the past, in 2014 a disgruntled employee of UK supermarket chain Morrisons used a portable storage device to steal and then leak the personal information of thousands of staff online.
How Are Retailers Being Attacked?

Retailers operate in a hostile digital landscape, where resourceful and highly motivated attackers seek to steal money and personal information from their victims. The 2021 cyber security picture for retailers is likely to be one of evolution, not revolution, as hackers adapt their methods to maximise the efficiency of the attacks they launch.
Here are some of the cyber security trends we are seeing that retailers should be aware of in 2021:
• Supply chain compromises: The international supply chains on which so many retailers depend hold digital complexities that are being actively exploited by hackers to compromise networks and systems. In 2021, more cyber-attacks than ever are targeting retailers by gaining a foothold into their suppliers – especially infrastructure and software suppliers. Supply chain compromises have the potential to cause serious damage to retailers, disrupting operations, compromising data and harming stakeholder relationships. It may be hard, but retailers will need to consider how they manage risk across their supply chains if they are to mitigate the risks they face.
• Ransomware: Ransomware remains the most prominent cyber threat to retailers. The tactics of ransomware operators have evolved to ensure they continue to evade defences and pressure victims to pay. There has been an increased emphasis on leaking data online to extort victims, with an increased use of social media to amplify the pressure on victims. Other tactics we’ve seen proliferate in 2021 have included increased use of distributed denial of service (DDoS) to attack victims and further pressure them to pay. Ransomware group SunCrypt conducted a DDoS attack against a victim in late 2020 as they were negotiating a possible ransom payment.
• Ransomware-as-a-service: Ransomware-as-a-service (RaaS) has allowed unskilled threat actors to use technically advanced ransomware to attack victims, while providing additional income to the groups that created the software. RaaS will allow the number of groups conducting attacks to increase, and will allow the technically skilled groups time to focus on modifying their software and tactics to evade defences and increase pressure on victims.
www.pcr-online.biz December/January 2022 | 23
• Business email compromise: Business email compromise has become a greater threat to retailers in 2021. Business email compromise (BEC) is the defrauding of organisations by criminals placing themselves in the payment chain of companies through a number of methods including social engineering, domain spoofing and account takeover. BEC tactics have evolved through 2021, including the targeting of group inboxes with fraudulent instructions to change payment details for a client or vendor. Technically advanced criminals, such as those that develop ransomware, could also change some of their focus to BEC. In the coming months and years, BEC may become an equal threat to ransomware for retailers.
How Do Retailers Protect Themselves?

The cyber threat to retailers is real, and it’s getting worse. Hackers are actively targeting UK retailers with double extortion ransomware attacks, and will continue to do so as long as they remain a successful (and lucrative) attack method. In order for retailers to protect themselves, they need to understand the risks they face. By understanding these risks, retailers can take steps to address them.

With the Coronavirus pandemic, Brexit and a number of other factors causing unprecedented disruption to supply chains, retailers need to find a way to achieve efficiencies while securing the increasing digitisation and proliferation of data throughout their operations. Technology can help retailers mitigate the cyber risks they will face in 2021, but it does not provide a comprehensive solution in and of itself. Effective cyber security requires a combination of people, processes and systems. In order to enhance their cyber security, retailers will need to go on a cyber journey that runs from business strategy through to management, monitoring and continual optimisation.