Cybersecurity for the Retail Sector

The retail sector continues to be an attractive target to cyber criminals, with hacked retail organization notifications all over the pages of major public news media.

The Retail Sector Continues to be an Attractive Target to Cyber Criminals

While 2020 has impacted the retail industry heavily with store shut-downs, social distancing, and a move to online services, retail organizations have been historically one of the most attractive cyber criminal targets. Hacked retail organization notifications litter the pages of public news media telling the story of the rise of cyber criminals. The most attacked vector is point-of-sale (POS) systems, which have been abused by malware focused on credit card data skimming and the theft of other PII.

So, while cyber criminals operating against retail targets commonly target (POS) systems, they also engage in account theft, business email compromise, payroll manipulation, gift card fraud, money laundering, and the targeting of sensitive databases.

While cyber crime has garnered most of the attention of online adversaries, there have been some Chinese threat actors focused on cyber espionage in the retail industry as well. Aside from pursuing intellectual property and economic advantage, espionage actors may also seek to understand a company’s supply chains, manufacturing processes, and strategic business plans.

Retailers have not been frequently targeted for hacktivism campaigns, and if they have it has generally been distributed denial-of-service (DDoS) attacks, defacements, and data leaks.

Businesses in retail and B2B verticals crushed by physical store closures rushed into online sales this year to recoup the staggering losses caused by lockdowns and social distancing restrictions. In some cases, retailers found themselves with no income for a period of time and had no choice but to expand quickly online. Cyber criminals witnessed this unprecedented migration and were in lockstep shifting their attacks to take advantage of the changing trend. “Card not present” fraud certainly became more prevalent this year as online sales began to grow.

Speed to market, while a market share winner much of the time, can also leave risk management and other IT controls awash in the wake of deployment speed. Cyber criminals attacked unpatched or insecure versions of content management systems used by ecommerce sites using a variety of tactics.

Sensitive Business Assets at Risk

The retail sector for economic crime activity is always going to be attractive to the bad actors due to the huge stores of customer information that are easy to monetize and the low margins under which retail operates often leading to limited security investments. Cyber crime threat groups FIN6, FIN7, FIN8, and FIN9 have been observed targeting the retail sector in recent years.

Getting Strategy Right

The Apollo strategy and roadmap development methodology creates exceptional focus on the business and links the value creating activities of the organization to the security priorities developed and deployed to maximize risk reduction impact and cost optimization.

The alignment of business-critical assets, such as point-of-sale systems or customer PII, at the investment level brings hyper-focus to risk and investment trade-off choices that need to be evaluated. Ecommerce environments have major cyber risks like many verticals, but less common to all verticals include the following.

Advanced Digital Transformation

While this is an overused concept, digital transformation is making advancement in retailers’ move to Ecommerce platforms, big data lakes, and third-party distribution partners. Legacy application interconnectivity is common in traditional retail, and while this has many risks, the battleground seems to have shifted to online sales and distribution from brick and mortar.

While the public facing sites are under attack, strikes seeking back-end persistent access are also on the rise which require an enterprise-wide security strategy to find and prioritize relevant company crown jewels in the short-term.

In digital transformation, the goals of both enhancing technology and mining business rich data are equally important. Retailers possess a rich set of customer data, behavior, and preference information. Good security plans consider the implication of the following.

Technology Enhancement Plan

As retail and ecommerce move closer together, attackers will become more attracted to the combined entity. As value increases between ecommerce data sources, ERP systems, and big data lakes, the architecture, system integration, data protection, access control, and system integrity enterprises deploy must have a defined strategy to ensure the environment gets the appropriate protection during changing conditions.

Data Extraction and Movement Needs

In retail, much of the created value is in the data extracted and analyzed in the organization’s big data engine. The movement of data to the lake and the creation of data governance and stewardship is critical to maintain the value for the company. The increasing role of data privacy and the security of individual PII requires detailed governance plans and systems to automate processes so the organization can scale and still meet regulatory obligations.

Skills and Capabilities Needed to Meet New and Future Operational States

Once the ecommerce expansion is complete, new security team capabilities will be required to protect the organization, which interacts technologically differently than it did before. If the company has developed an online digital marketing capability or begun deploying mobile apps to reach their customers and consumers, defending these takes new skills other than internal data network. Evolving the cybersecurity program to ensure it has the skills needed to deliver today and tomorrow will increase the organization’s ability to be competitive and protect its valued assets.

Learn more about Apollo's digital security program development services.

Big Data

For retailers, linking enterprise ecommerce and security intelligence together to harness the power of the data and understanding the changing threat landscape can unlock business agility and allow the organization to take bolder risks. Good security is table stakes for competitive ecommerce firms today, so it stands to reason it will follow for retailers.

Typical High Maturity Security Programs for Retail Businesses

Ransomware Defense

At the end of the day, retailers need to be running to make the organization money, and ransomware attacks against retail environments, whether traditional POS attacks or online attacks will be of concern.

One of the most prudent program expenditures an organization can invest in today is a robust ransomware defense program, including the technology, procedures, and preventative systems to keep the threat out. With that said, there is a developing range of obfuscation technologies that can drastically reduce the risk to traditionally high cost-remediation environments.

Learn more about Apollo's ransomware protection services and solutions.

Security Architecture

Defining an architecture that both enables increased data flow intensity and delivers enhanced security needs is the role of ecommerce/retail security architecture. Ecommerce can be challenging due to speed and velocity of data flow. Applying sound security architecture skills, assessments, and design principles is still possible and will deliver the greatest overall value to the organization as the retail environment evolves and faces increased security threats.

Learn more about Apollo's security architecture services.

Web Platform Vulnerability Management

The battleground in retail and ecommerce is the customer interface point. Application coding, vulnerability management, platform security, fraud, account takeover, and security monitoring are all critical. Account takeover and the associated fraud can be a reputation killer and drive up customer service and reputation issues. Site coding security can directly determine the ability to protect customer PII and business reputation. The ability to monitor changes in security risks in real time is critical for timely incident response.

Ready to Speak to an Expert About Your Cybersecurity Needs?

If you're ready to ramp up your organization's defenses against the cybersecurity threats that put you at risk, click on the button below to speak to one of our experts.

Scroll to Top
Share
Tweet
Share
Buffer
Email