Improving Resources to Combat Retail Cyberattacks

Just as with great power comes great responsibility, with major advances in technology come ever-changing, ever more inventive ways of upending it. Hacking and other cyberattacks are at least as much of a cybersecurity threat to retail as to other industries, in that they touch millions of consumers and the well-being of their identities and finances. To get a handle on the breadth and depth of this issue for retail, Fung Global Retail & Technology recently conducted a three-part study, and present here an overview of the rampant problem, as well as how cybersecurity forces to combat it are gaining in power and innovation.

It’s clear from the enormity of the damage caused by the breaches that we're no longer dealing with amateurs. Cyberattackers are no longer teenagers showing off, but organized crime rings with clear jobs and goals. A variety of hackers are categorized by the color of “hat” they wear, which corresponds with their presumed motivation. There are also organized crime and state-sponsored hackers, and the dark web has emerged as a marketplace for stolen personal information.

An advanced attack is comprised of four stages: infection, persistence, communication, and command-and-control. Cyberattack exploits generally seek to cause a buffer overflow — i.e., an infection — in the target’s software, which makes the program quit and transfers the attacker to the shell (or command line), thereby enabling the attacker to enter commands and gain access. Persistence refers to malware remaining within a network until activated. In the next stage of an attack, the malware establishes a communication channel with the attacker through encryption or other unusual routes. And finally, the command-and-control component ensures that the attack can be controlled, managed and updated over time.

Hackers can take advantage of vulnerabilities in systems, such as the use of weak or common passwords, in order to wage attacks through use of malware, spam, botnets or ransomware. Several types of malware exist — bots, or automated processes that interact with network services, can collect information or interact with instant messaging; Trojans, which look legitimate but contain something harmful; viruses, which replicate themselves by inserting a copy into another program; and worms, stand-alone software that require human assistance to spread. Distributed denial of service (DDoS) attacks have become prevalent in, but not limited to, the financial services industry. Other types of attack include hacktivism (also known as vigilantism and shaming) and internet-powered bank heists.

With a cybercrime landscape so vast and varied, and changing so fast, retailers and other industries may despair of ever gaining control over their online and digital strategies. One cybersecurity firm, Kaspersky Lab, reported having repelled, in 2016 alone, 758,044,650 attacks launched from online resources located all over the world.

For both individuals and enterprises, it's a struggle to keep the bad actors at bay. They’re relentless and tireless, and all it takes is one person clicking on the wrong email link to let them in. Cyberattacks are largely enabled by the human element — i.e., our own apathy, inattention to detail or lack of vigilance.

The burden of cybersecurity falls on all of us. To keep cybercriminals out, we must stay on top of our game and not doze off. Fortunately, a powerful cybersecurity industry has emerged to meet the threat, and is growing.

As fast as cybercrime is spreading, industry is responding with innovative and strong solutions that are working on multiple fronts. Is your organization aware of the cybercrime threat and the best defense that can be taken against it? Sometimes the best defense is a good offense, so get strategic.

Deborah Weinswig is managing director of Fung Global Retail & Technology, an international retail think tank. She can be reached at DeborahWeinswig@fung1937.com.