Call it optimism or just human nature — retailers, like most people, don’t like to spend a lot of time thinking about unseen threats. A series of painful breaches a few years ago forced the industry to wake up to the dangers of cyber crime and implement new measures to address and control online risks, leading to industrywide security gains. However, cybersecurity isn’t a point-in-time solution; it’s an arms race — and cyber criminals have continued to achieve their own share of victories, requiring security teams to continually innovate and adjust their strategies.
Recently, SonicWall released its 2017 Annual Threat Report, detailing the biggest cybersecurity trends retailers and other businesses faced last year as identified by our Global Response Intelligence Defense (GRID) Threat Network. For better or worse, four of those trends are poised to continue shaping the threat landscape for retailers throughout this year.
Point-of-Sale Malware Creation Declined Drastically
The widespread implementation of point-of-sale (POS) chip-and-signature systems seems to have reduced one target on retailers’ backs for the time being. These upgraded security measures caused POS malware creation to decline drastically — a total of 93 percent since 2014. As you probably remember, that was the year major retailers including Michaels, The Home Depot, Staples and several others were compromised, leading to breaches of millions of customer records and credit cards. This is an important victory, but it doesn’t mean retailers should let down their guard. Bad actors will continue to look for gaps to exploit in POS defenses, so it’s vital retailers keep their infrastructure and software up-to-date and compliant with best practices to ensure this secure streak continues.
Ransomware Held Profits Hostage
While POS malware attacks decreased, a clear win for the cybersecurity industry, retailers should be aware of a popular type of malware that plagued businesses in 2016: ransomware. Ransomware locks down victims’ systems and data until a ransom is paid to regain access. This type of attack grew in usage from 3.8 million attack attempts in 2015 to 638 million last year, affecting victims from virtually all industries, including retail. Since retailers’ revenues can be directly affected by downtime of their e-commerce websites, we can expect cyber criminals to have an increased interest in attacking merchants.
Distributed Denial-of-Service Attacks Took Down Online Retailers
Cyber criminals successfully hacked thousands of security cameras and other IoT devices to launch the largest distributed denial-of-service (DDoS) attacks in history in 2016, one of which temporarily brought down DNS service provider Dyn. This attack blocked customers from accessing major retail sites, including Starbucks, Etsy and Overstock.com, over the course of one day. DDoS attacks will likely continue to plague retailers in 2017 for the same reason as ransomware — retailers depend heavily on their websites for revenue, and cyber criminals hope retailers will do whatever it takes to regain normal operations.
SSL/TLS Encryption Protected More Internet Traffic, But Also Gave Cyber Criminals a Way In
Retailers have long used Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption (signified by an HTTPS URL and lock icon on browsers) to secure customer data during online purchases. However, this security measure has become common for businesses of all types, growing at a rate of 34 percent year-over-year and representing 62 percent of web traffic today. While encryption makes it harder for criminals to steal individual customer payment information, it can also provide a back door into the network that cyber criminals can exploit to sneak in malware. For this reason, it’s recommended that retailers ensure their firewalls are capable of deep packet inspection (DPI), which gives them the ability to catch encrypted malware as it makes its way into the network.
The positive news is that the good guys, cybersecurity professionals, have already developed tools and best practices to combat each of these threats. Retailers simply have to make sure they’re staying on top of changing cybersecurity trends. This starts with a solid battle plan that ensures your security technology is up-to-date and employees are well educated on current cybersecurity trends and best practices. The cybersecurity arms race isn't going to end any time soon, but that doesn’t mean you can’t be victorious.
Bill Conner is the president and CEO of SonicWall, a network security company.