Industry Insight
It’s why retail makes such an appealing victim for ransomware attacks. When faced with disrupted systems, customers unable to make purchases and the business losing vast sums of money each day in lost sales, some companies choose to pay cybercriminals ransom demands of millions to receive the decryption key to restore systems, despite warnings from authorities that this only encourages further ransomware attacks and other crimes.
Attackers can achieve similar results with a Distributed Denial of Service (DDoS) attack – in this case, they simply overwhelm the retailer’s website and systems with traffic. Sometimes these attacks are conducted just because someone wants to disrupt a business – but attackers are also known to hit victims with a DDoS attack and only stop after extorting a ransom payment.
But it isn’t just the way retailers provide vital services to people that makes them such a tempting target for cybercriminals. Customers are providing retailers with vast amounts of personal information – including names, dates of birth, addresses, emails, passwords and banking or credit card details – all of which can be valuable if cybercriminals can gain access to networks or databases and steal it from retailers.
In this scenario, hackers can sell the information to other cybercriminals on the dark web or they could try to exploit it themselves. Either way, leaked information puts both the business and its customers at additional risk from theft and fraud – and there’s a high chance that customers could lose trust in a retailer they perceive to have not protected their personal information responsibly.
The solutions
The wave of incidents has highlighted the threat of cyberattacks against retailers and the widespread disruption they can cause. But it must also act as an opportunity for the wider retail industry to reflect on cyberthreats and how to improve cybersecurity practices and safeguards.
Having Endpoint Detection and Response (EDR) tools in place to identify compromised devices is a good starting point, as they can go a long way to detecting phishing links, malware or other malicious activity before it starts to become a problem.
However, attackers don’t necessarily need malware to compromise a network. The rise of remote working and cloud applications allows employees to log in to their corporate accounts from anywhere.
But this also provides an avenue for attackers to exploit: be it because they’ve stolen login credentials, used a brute-force attack to breach commonly used or simple passwords or even posed as IT support staff to trick employees into resetting passwords – which is how the attacks targeting Marks & Spencer and Co-op started.
No matter how they’re acquired, because the attackers are using legitimate login credentials it’s harder to detect illicit activity.
There are steps which retailers can take to counter this threat, such as proactive network traffic analysis to detect unusual behavior from accounts, alongside log analysis to trace unauthorised access, especially from unusual sources.
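One way to apply the log analysis described above, as an added example that is not from the original article: the script flags logins from a network an account has not used before, and raises the severity when a password reset came shortly beforehand. The log format, account names, the /24 grouping and the 24-hour window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample events, not real logs: timestamp, account, event, source IP
# (for password_reset the last field is the actor who performed the reset).
SAMPLE_LOG = """\
2025-05-01T08:02:11 alice login 10.20.4.17
2025-05-02T08:05:40 alice login 10.20.4.90
2025-05-02T09:14:03 bob login 10.20.7.5
2025-05-02T09:30:00 carol login 10.20.9.8
2025-05-03T14:30:00 bob password_reset helpdesk
2025-05-03T14:41:27 bob login 203.0.113.50
2025-05-04T08:01:55 alice login 198.51.100.23
2025-05-05T10:00:00 carol password_reset helpdesk
2025-05-05T10:20:00 carol login 10.20.9.31
"""

def find_unusual_logins(log_text, reset_window=timedelta(hours=24)):
    """Return (timestamp, account, network, severity) for logins from a /24
    the account has never used; severity is 'high' when a password reset
    preceded the login within reset_window, otherwise 'medium'."""
    seen = defaultdict(set)   # account -> networks already used
    last_reset = {}           # account -> time of most recent reset
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, event, source = line.split()
        when = datetime.fromisoformat(stamp)
        if event == "password_reset":
            last_reset[account] = when
            continue
        if event != "login":
            continue
        network = str(ip_network(f"{source}/24", strict=False))
        # First login only builds the baseline; there is nothing to compare it to.
        if seen[account] and network not in seen[account]:
            reset = last_reset.get(account)
            recent = reset is not None and when - reset <= reset_window
            alerts.append((stamp, account, network, "high" if recent else "medium"))
        seen[account].add(network)
    return alerts

if __name__ == "__main__":
    for alert in find_unusual_logins(SAMPLE_LOG):
        print(*alert)
```

A reset followed by a login from a known network, as with the constructed account carol, produces no alert, which keeps routine help-desk resets out of the queue.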
A Zero Trust approach to security, where inherent trust is removed in favour of verifying if the user is legitimate at every step of the process, while it could be perceived as frustrating for employees, also goes a long way to protecting those employees, the retailer and customers from the threat of cyberattacks. And one way of helping to achieve this is by applying multi-factor authentication to accounts, especially those with administrator-level privileges.
Investing in these sorts of defences is vital to ensure the security of retail organisations; but it’s also important for these businesses, as high-profile, high-value targets of cybercriminal gangs, to be proactive in defence.
Parag Jain, Executive Vice President Manufacturing & Consumer Services, Chief Growth Officer, Zensar Technologies
“They should be reviewing threat intelligence to understand the latest trends, techniques and vulnerabilities exploited by attackers to have the best chance of defending against them.”
www.intelligentretail.tech