As commerce continues to thrive online, maintaining a robust cybersecurity posture has become crucial for retailer survival.
According to publisher forecasts, global security revenues in retail are headed for strong growth in the next few years, from $7 billion in 2019 to $12 billion by 2025. A key threat to this potential is the ever-present possibility of cyber disruption. The retail sector’s goldmine of consumer personal and financial information remains an attractive target for cybercriminals, and the sector’s widespread digitization in response to changes in consumer buying habits widens that exposure. The proliferation of complex digital supply chains across retail continues to drive retailers’ efficiency, but it also gives attackers more places to hide.
But what will keep CISOs in retail awake at night in 2023? Let’s examine three key trends that are likely to dominate.
Credential Theft: Attacker Tradecraft Centers on Identity and MFA
At the core of the vast majority of cyber incidents is the theft and abuse of legitimate credentials, and the retail industry is no exception. As e-commerce becomes more the norm, financial information and personally identifiable information (PII) have become easier for attackers to access. We’re even seeing more hijacked accounts used as money mules for other forms of criminal activity.
Multifactor authentication (MFA) was once considered the key missing piece in the fight against credential theft, but with the recent Uber breach, we saw that MFA can be defeated. It hasn’t taken attackers long to find and exploit weaknesses in MFA, and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a standalone "set and forget" solution. Questions around accessibility and usability continue to dominate the MFA discussion and will only be amplified by increases in cloud and SaaS along with the dissolution of traditional on-prem networks.
Today and in the future, MFA should be viewed as one component of a wider zero trust architecture and strategy, one where behavior-based analytics are central to understanding employee behavior and authenticating the actions taken using certain credentials.
Ransomware Rushes to the Cloud
The vast majority of retail cyberattacks are financially motivated, with ransomware continuing to top the list of attack types most frequently faced by the sector.
Ransomware attacks are ever-evolving, and as cloud adoption and reliance across the retail sector continues to surge, attackers will continue to follow the data. In 2023, we're likely to see an increase in cloud-enabled data exfiltration in ransomware scenarios in lieu of encryption.
Third-party supply chains offer those with criminal intent more places to hide. Targeting cloud providers instead of a single organization gives attackers more bang for their buck. Attackers may even get creative by threatening third-party cloud providers, a tactic that already hit the education sector in early October when the Vice Society ransomware gang blackmailed Los Angeles Unified (LAUSD), the second largest school district in the U.S., publishing highly sensitive information, including bank details and psychological health reports of students, on the darknet.
Recession Requires CISOs to Get Frank With the Board About Proactive Security
Cybersecurity is a boardroom issue, but with growing economic uncertainty, organizations are being forced to make tough decisions as they plan 2023 budgets.
We can expect to see CISOs move beyond just insurance and checkbox compliance, opting for more proactive cybersecurity measures in order to maximize return on investment in the face of budget cuts, shifting investment into tools and capabilities that continuously improve their cyber resilience. With human-driven ethical hacking, pen-testing and red teaming remaining scarce and expensive resources, CISOs will turn to artificial intelligence-driven methods to proactively understand attack paths, augment red team efforts, harden environments, and reduce their attack surface.
For the retail sector, this technology will be powerful for fighting industry-specific challenges like brand abuse. For example, there are AI innovations available today that can distinguish a retail company’s external assets from the rest of the global internet. Such systems learn brand-related assets such as logos and domain names, then apply natural language processing and image classification to even the most ambiguous and error-prone assets they encounter in order to identify and stop copycats and typosquatters.
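The typosquatting problem above, as an added illustration that is not from the article or any Darktrace product: a plain string-similarity check (no NLP or image classification) that flags newly observed domains resembling a retailer's brand. The brand label, allowlist and sample domains are constructed for the example.

```python
# Added example, not from the article: flag lookalike domains against brand names.
ALLOWED_DOMAINS = {"examplestore.com", "examplestore.co.uk"}  # constructed allowlist
BRAND_LABELS = {"examplestore"}                               # constructed brand label
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}  # ASCII confusables

def normalize(label: str) -> str:
    """Fold digit-for-letter and letter-pair confusables into canonical form."""
    s = label.lower()
    for bad, good in HOMOGLYPHS.items():
        s = s.replace(bad, good)
    return s

def levenshtein(a: str, b: str) -> int:
    """Edit distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, max_dist: int = 2):
    """Return a finding label for a suspicious domain, or None if it looks benign."""
    d = domain.lower().rstrip(".")
    if d in ALLOWED_DOMAINS or any(d.endswith("." + a) for a in ALLOWED_DOMAINS):
        return None                   # the brand's own domain or a subdomain of it
    labels = d.split(".")
    if any(l.startswith("xn--") for l in labels):
        return "punycode"             # IDN label: always worth a human look
    for label in labels[:-1]:         # every label except the TLD
        norm = normalize(label)
        for brand in BRAND_LABELS:
            if norm == brand:         # same brand after folding confusables
                return "homoglyph" if label != brand else "unlisted-tld"
            if brand in norm:         # brand embedded, e.g. examplestore-login
                return "brand-token"
            if levenshtein(norm, brand) <= max_dist:
                return "typo"         # one or two keystrokes from the brand
    return None

def scan(domains):
    """Map each flagged domain to its finding; benign domains are omitted."""
    return {d: f for d in domains if (f := classify(d)) is not None}

if __name__ == "__main__":
    # Constructed sample of newly observed domains (e.g. from a CT-log feed).
    print(scan(["examplestore.com", "shop.examplestore.com", "exarnplestore.com",
                "examplstore.com", "examplestore-login.com", "examplestore.net",
                "unrelatedshop.com"]))
```

Findings from `scan` are candidates for review and takedown, not proof of abuse; an unlisted TLD may simply be a registration the security team was never told about.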
Marcus Fowler is the CEO of Darktrace Federal, a global leader in cybersecurity AI.
Marcus Fowler is currently the CEO of Darktrace Federal. Marcus spent the last 15 years as a CIA officer developing global cyber and technical operations and strategies and has led cyber efforts with various US Intelligence Community elements and global partners. He is recognized as a leader in developing and deploying innovative cyber solutions. He has vast experience advising senior leaders on cyber efforts and developing the strategic way forward.