Cybercriminals Have Retail Directly in Their Crosshairs

Cyberattacks are increasingly prominent, particularly in the retail sector. According to the 2020 Trustwave Global Security Report, the retail industry was the most-targeted sector for cyberattacks for the third year in a row. In fact, in the company’s analysis of trillions of logged security events and hundreds of hands-on data breach investigations around the globe, nearly one-quarter of all attacks took place in the retail vertical — far outpacing any other industry vertical.

The reason the retail industry is increasingly targeted by cybercriminals is that retailers — whether brick-and-mortar or e-commerce — handle and often store a wide variety of sensitive consumer information, from payment card data to customers’ names, addresses and even birthdates. E-commerce attacks seeking to steal card-not-present (CNP) data made up the majority of cyberattacks in the retail sector last year (53 percent).

This is significant, especially when compared to the other types of attacks that occurred in the retail sector last year: 27 percent of attacks sought retailer’s financial data, 10 percent stole user credentials, and 10 percent targeted card track data. The increased focus on CNP data coincides with a significant decline in incidents involving point-of-sale (POS) systems, which dropped from 31 percent of incidents in 2016 to just 5 percent last year. This shift in cybercriminals’ focus from attacking POS systems to stealing CNP data is mainly due to countries around the globe moving to an EMV chip-card standard for transactions. EMV adoption has made compromise more difficult and forced cybercriminals to shift strategies.

As retailers have adopted newer, more secure EMV-compatible card readers, they must now shift their focus to strengthening the security of their online storefronts in order to ward off growing attacks from increasingly sophisticated hackers. One such example is Magecart, a cluster of criminal groups that specifically target retail websites that use the popular Magento e-commerce platform. They infect sites, mainly through malicious scripts that steal customers' sensitive payment card information during the checkout process.

Magecart and others demonstrate the necessity for heightened threat detection and response in the retail industry. There are several steps retailers can take to strengthen their security posture to help prevent such attacks from occurring.

1. Assess risk and determine what needs to be protected.

Look at the security threats that are most likely to plague your systems and prioritize the assets you need to protect, whether it's credit card information, identity information or other sensitive data. Thoroughly vet all third-party vendors connecting to your networks, and don't rely on the cloud services you use to adequately protect your sensitive data. Taking the time to assess risk and identify potential threats leads to a better understanding of how to eliminate them.

2. Test continuously and patch vulnerabilities.

Security testing infrastructure, databases and key applications are especially important in areas like remote access software, POS systems and e-commerce applications. Viewing this from the lens of risk management is a great way to start, through prioritizing vulnerabilities and testing all applications that could be targets. Additionally, an essential best practice against threats is ensuring all software and components are updated in 24 hours or less with the latest security patches. Disabling unnecessary extensions is also key for reducing vulnerability risks.

3. Defend in real time and monitor threats.

Retailers should make sure they have the proper tools and security measures in place so that they're not left scrambling to secure their data in the event of a breach. One way to do so is by enlisting the help of a third-party security service provider, which can assist with securing mobile, cloud and web applications, such as basic testing and deep penetration testing to prevent the need for any last-minute efforts to block newly emerging threats. This can help to ensure a proactive approach — detecting and eliminating threats in real time, rather than just reacting to breach alerts after they've happened.

4. Monitor, uncover and respond to threats.

Having a timely process of searching for and finding threats is crucial to defending your data, and how you respond to threats is especially important. Have an emergency plan ready to go ahead of time that you can reference in a crisis. Crisis plans should include detailed steps for threat containment and mitigation, including how to remove affected systems from the network, updating firewall and anti-virus software rules, disabling accounts and updating passwords, and applying security patches. Additional steps may include reviewing breach notification requirements, engaging legal counsel, and notifying stakeholders.

Though retailers may be the most vulnerable to e-commerce and CNP attacks, they can take the necessary steps to fight back against attackers and ensure that their data remains secure. By taking a proactive approach to cybersecurity and protecting data, retailers can keep pace with cybercriminals, who are constantly evolving and searching for new means to steal valuable data. Additionally, investing in security education remains one of the most effective means of threat prevention by empowering employees to better understand, identify and avoid threats. By following these four steps as well as placing a higher emphasis on educating employees on security best practices, retailers can reduce their risk of a data breach and make themselves less of a target for future attacks.

Mark Whitehead is global vice president of SpiderLabs Consulting at Trustwave, a leading cybersecurity and managed security services provider focused on threat detection and response.