Fortifying Your Retail Operations in the Face of Growing Cyber Threats

In today’s fast-paced retail and consumer industry, the shift towards hybrid shopping is rapidly changing the way retailers do business. As the shift to hybrid shopping persists, however, it also creates new security challenges for retailers and wholesalers to protect sensitive customer information and its supply chain network.

According to data from IBM’s 2023 X-Force Threat Intelligence Index, the retail and wholesale industry was the fifth-most attacked industry in 2022, accounting for 8.7% of all attacks among the top 10 industries, up from 7.3% in 2021. With vast amounts of customer data and financial information at stake, and a high volume of transactions processed, it’s no wonder that attackers are eager to infiltrate these companies and steal valuable information.

Of note, the proliferation of digital shopping applications has increased risk within the industry. Today, consumers use various digital shopping applications to purchase goods, making it even more challenging to maintain security. With multiple apps to interact with, it is easier for attackers to find vulnerabilities and exploit them. Risk also lies in the complex network of suppliers and partners that make up the retail and wholesale supply chain, leaving the industry exposed to potential security gaps and vulnerabilities that attackers can exploit.

To protect themselves and their customers, retailers and wholesalers must take proactive measures to stay ahead of the curve in terms of technology and security.

Here are some key recommendations to keep in mind:

1. Stop Blaming the User: Cybercriminals are becoming more sophisticated, and their methods for tricking users into clicking on malicious links are evolving. According to the 2023 Threat Intelligence Index, phishing emails with malicious links were the most common entry point, accounting for a staggering 33% of cyber incidents in the retail and wholesale industries.

Cybercriminals are increasingly using a technique called “thread-hijacking” to make their phishing attacks more convincing. In these attacks, for example, a cybercriminal may intercept an ongoing email thread between a retailer and a supplier, and then inject a message containing a phishing link that appears to be from the supplier.  The retailer may be more likely to click on the link because it appears to be part of a legitimate conversation, which could result in a data breach, financial loss, or other serious consequences.

Traditionally, the blame has been placed on the user for clicking on malicious links, but it’s time for the focus to shift towards training and providing the right technology to protect users from falling victim. Implementing strong multi-factor authentication (MFA) can prevent unauthorized access and limit the impact of a potential attack.

Additionally, retailers should regularly monitor their systems, restrict access to servers and applications to the minimum required carry out their jobs, and design their networks such that in case of a breach, its impact can be contained and confined to a specific region.

2. Reduce your Attack Surface: Retailers should manage their assets by asking the right questions: “What do we have? What are we defending? What data is critical to our business?” These are the first questions any security team should answer to build a successful defense.

Prioritizing discovery of sensitive assets on your perimeter, understanding your exposure to phishing attacks and reducing those attack surfaces further contribute to holistic security.

Finally, organizations must extend their asset management programs to include source code, credentials and other data that could already exist on the internet or dark web.

3. Speed up Response Times: For wholesalers, the speed of their response time to a cyberattack can mean the difference between minimal impact on their supply chain and significant disruption. With a complex network of suppliers and partners, a breach in security can quickly spread and cause harm to the entire system.

Quickly identifying and mitigating threats can help minimize the damage and prevent a ripple effect throughout the supply chain. For retailers, a rapid response to a cyberattack is crucial in protecting their customers’ sensitive information and financial data. With numerous transactions being processed every day, a breach in security can lead to widespread financial fraud and a tarnished reputation.

The rise in backdoor deployments, which at 19% was the most common action taken by attackers in the retail and wholesale industry, points to some success in catching infections earlier by security teams. The majority of those backdoor cases were failed ransomware attempts, revealing that defenders were able to disrupt threat actors before any real damage could be done.

However, once adversaries innovate and adjust tactics, techniques, and producers to better evade detection, the success rate of ransomware attacks may go back up. Endpoint or extended detection and response technologies can help retailers detect potential threats and stop them in their tracks before they cause any significant harm.

4. Think Like an Attacker and Continuously Test: Retailers must be proactive in safeguarding their systems from potential attacks by regularly assessing their attack surface and continuously testing their systems. This includes identifying potential vulnerabilities, assuming compromise, and adopting a flexible, threat-driven strategy that adapts to the evolving threat landscape.

By regularly performing threat hunting, penetration testing, and red teaming, retailers can identify weaknesses and improve their security posture, protecting their customers’ sensitive information and financial data.

5. Fortify Data with Artificial Intelligence: By leveraging the power of data and artificial intelligence, retailers can proactively enhance their cybersecurity posture.

AI algorithms can analyze vast amounts of data to identify patterns and anomalies that could signal a potential threat, allowing retailers to detect and respond to cyber-attacks faster, more accurately and efficiently.

This not only protects the retailer’s systems, but it also ensures that customer data and financial information remains secure, helping to maintain the reputation and trust of the business.

The threat of cyber-attacks is constantly evolving, with attackers devising new techniques to bypass security measures. As such, it is crucial for retailers and wholesalers to adopt a flexible approach to cyber security, one that goes beyond just purchasing security tools.

Developing a comprehensive security plan and regularly testing it, learning from the results, and making necessary adaptations to stay ahead of the ever-changing threat landscape is critical to ensuring the safety and confidentiality of business and customer data.