Key cyber threats that retailers are facing and how they are responding?

Cybersecurity threats have become more sophisticated and aggressive over the years, and retailers are among the most vulnerable targets. With the growth of e-commerce and the increasing amount of data being stored and shared online, retailers must take proactive steps to secure their systems and protect their customers' sensitive information. In this blog post, we will discuss five cyber threats that retailers are facing and how they can fight back, drawing insights from two articles: "5 Cyber Threats Retailers Are Facing and How They're Fighting Back" from CSO Online and "Protecting Your Retail Business from Cyber Attacks: The Importance of Cyber Risk Quantification" from Alfahive.

Phishing and Social Engineering Attacks

Phishing and social engineering attacks are the most common forms of cyber threats, and retailers are no exception to their effects. Phishing and Valid accounts have been the top MITRE ATT&CK initial access vectors used by threat actors. In a phishing attack, a cybercriminal sends an email or message that appears legitimate but is designed to trick the recipient into clicking a malicious link or downloading malware. Social engineering attacks, on the other hand, are designed to manipulate human behaviour to gain unauthorised access to sensitive information.

• According to the 2021 Verizon Data Breach Investigations Report (DBIR), phishing attacks continue to be a top concern, representing 36% of all breaches analyzed. 
• The report also notes that social engineering tactics, such as pretexting and baiting, accounted for 10% of breaches.  
• The DBIR highlights the importance of user education and training as a critical defence against these attacks, along with the use of multi-factor authentication.

(source: https://enterprise.verizon.com/resources/reports/dbir/)

Retailers can protect themselves from phishing and social engineering attacks by implementing robust cybersecurity policies, training employees on how to recognize and respond to such attacks, and using multi-factor authentication to prevent unauthorised access.

Ransomware Attacks

Ransomware attacks have become more prevalent in recent years, and retailers have been frequent targets. In a ransomware attack, cybercriminals use malware to encrypt a retailer's data and demand payment in exchange for the decryption key.

• The Verizon 2021 Data Breach Investigations Report (DBIR) found that ransomware attacks accounted for 10% of all incidents analyzed, with the retail industry being one of the top five industries targeted by these attacks.
  ‍https://enterprise.verizon.com/resources/reports/dbir/
  ‍
• The report also noted that the median cost of a ransomware attack for the retail industry was $200,000
  ‍https://enterprise.verizon.com/resources/reports/dbir/
  ‍
• A 2021 report by cybersecurity company Sophos found that 51% of retailers surveyed experienced a ransomware attack in 2020
  ‍https://www.sophos.com/en-us/medialibrary/PDFs/whitepapers/Sophos-Ransomware-2021.pdf

The report also recommended that retailers implement multi-factor authentication, regularly backup their data, and provide security awareness training to employees to help protect against ransomware attacks  

Insider Threats

Insider threats are among the most challenging cyber threats to detect and prevent. These threats occur when an employee or contractor with access to sensitive information intentionally or accidentally shares it with unauthorized parties.

Retailers can prevent insider threats by implementing access controls that limit employee access to sensitive data, conducting regular security awareness training for employees, and monitoring employee activity for signs of malicious behaviour.

• Verizon DBIR (2021) states that insiders are responsible for around 20% of all data breaches, and among those incidents, 61% are attributed to employees' errors, while 39% are malicious actions
  https://enterprise.verizon.com/resources/reports/dbir/

• According to a report by CrowdStrike (2023), insider threats are on the rise, with 67% of organizations reporting an increase in insider attacks over the past year. https://go.crowdstrike.com/2023-global-threat-report
  ‍
• The Ponemon Institute's report on insider threats (2022) found that the average cost of an insider-related incident was $17.19 million, with the average time to contain the incident being 90 days.
  https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats

Third-Party Risk

Retailers often work with third-party vendors, who provide services such as point-of-sale (POS) systems, payment processing, or inventory management. These relations are “Trusted Relationship” on the MITRE ATT&CK Initial Access vector that increases their exposure to cyber risks. Attackers can exploit these trusted relationships to gain access to a retail network. For example, attackers may compromise a vendor's system or credentials, which can then be used to gain access to the retail network. Once inside the network, attackers can then move laterally and access sensitive data, such as customer payment information. Third-party vendors may also have access to sensitive data or systems, and a security breach at one vendor can have a cascading effect on the entire supply chain.

To manage third-party risk, retailers must conduct due diligence on their vendors, including assessing their cybersecurity posture and ensuring that they comply with relevant security standards and regulations.

• According to the Verizon 2021 Data Breach Investigations Report (DBIR), 30% of data breaches involved a third-party vendor. Additionally, the report found that web application attacks and phishing attacks were commonly used to compromise third-party vendors. The report emphasizes the importance of conducting due diligence on third-party vendors and ensuring that they have appropriate security controls in place.
  https://enterprise.verizon.com/resources/reports/dbir/

• Furthermore, a 2021 report by Ponemon Institute, sponsored by RiskRecon, found that 59% of organizations experienced a data breach caused by a third party in the past year. The report highlights the importance of continuous monitoring and assessment of third-party vendors' security posture.  

Internet of Things (IoT) Devices

The rise of IoT devices in retail, such as smart shelves, checkout terminals, and security cameras, has created new opportunities for cybercriminals to exploit vulnerabilities in these devices.

To protect against IoT-related cyber threats, retailers must implement security controls that address the unique risks of IoT devices, such as regularly updating firmware and disabling default passwords.  

• The 2021 Verizon DBIR found that IoT attacks have increased over the past year, with 30% of breaches involving IoT devices, up from 26% in 2020. The report also noted that many IoT devices are still vulnerable due to weak default passwords and outdated firmware.
  ‍2022 Data Breach Investigations Report | Verizon
  ‍
• The 2020 State of Retail Cybersecurity Report by SecurityScorecard found that the retail industry had the second-highest number of IoT-related vulnerabilities, after healthcare. The report also noted that many retailers fail to update their IoT devices, leaving them vulnerable to attacks. https://www.riskrecon.com/ponemon-report-data-risk-in-the-third-party-ecosystem-study

• A 2021 report by Palo Alto Networks found that many IoT devices in retail, such as security cameras and smart shelves, are often connected to the same network as other sensitive systems, such as payment terminals, which increases the risk of a successful attack.  https://www.paloaltonetworks.com/resources/research/connected-enterprise-iot-security-report-2021

Conclusion  

In conclusion, cyber threats are an ever-present danger for retailers, and the stakes are high. A single security breach can result in significant financial losses, reputational damage, and legal liabilities. Therefore, retailers must take proactive steps to secure their systems, educate their employees, and manage their third-party risk. By implementing robust cybersecurity measures from Alfahive, and staying vigilant, retailers can protect themselves and their customers from cyber threats and enjoy the benefits of a safe and secure online presence.