Retail Sector-A Major Target of Cybercriminals
The retail sector is the major target of cybercriminals. It is highly vulnerable to cyberattacks. The risk of cyberattacks is increasing all around the globe and across all fields but retailers have become the consistent unwanted victims of this attack. According to Trustwave’s 2018 Global Security Report, 17% of all cyberattacks were directed at retailers. There has been a huge shift to digital platforms in recent years by the retail sector. This makes them more likely targets of cybercriminals. Also, last year’s restrictions related to the pandemic have increased the demand for online shopping manifolds.
According to Imperva’s report, the year 2020 saw a humongous rise in cyberattacks targeting the retail sector. Right after the lockdown, the traffic to retail websites increased by 28%, in comparison to the 2019 holiday shopping season. Over 30% of cyber-attacks have originated from the USA, with Ukraine-Russia combination attacks amounting to 27%. Around 98% of occurrences on online retailers were employed through automated bots, which are found to be targeting apps, websites, and APIs.
Retailers are the most tempting victims of cybercriminals. The organizations that have been attacked by cybercriminals recently include Kmart, Croma, Ticketmaster, Bredon, Premier Kids Care, Dickey’s Barbecue Pit, Designer Brands Inc., and Viandes Dubreton among others. The regions that have been major targets include North America, Southeast Asia, and Eastern Europe.
E-commerce rise implies that the retail sector now holds a huge amount of customer data, which can be used by attackers to cause harm. In recent times mostly all the big retailers have online stores, which demand the customer to create accounts. For creating these accounts customers share their personal data and also sensitive information like bank and card details. If the attackers gain access to these customer accounts they get hold of vulnerable customer information. Hackers can sell this data on the dark web and practice ‘carding’.
Not only this, the criminals who purchase the customer data through the dark web further use it to buy products from online platforms. The
customers often reuse their login credentials across multiple platforms, so the criminals make login attempts using the same credentials across multiple online platforms. This practice is called ‘credential stuffing’. A report by security analysts suggests, 90% of attempted retail login was done by hackers to access numerous accounts.
Unsurprisingly, the online payment process is the most common attack vector.
Often retailers hire inexperienced and young staff who lack cybersecurity training. This makes them vulnerable to common ‘social engineering’ attacks such as ‘phishing’.
Certain precautionary methods that the retailers should adopt include:
- To have a team of cybersecurity professionals who can manage and protect the various physical and digital assets.
- Creating and implementing a full-proof cybersecurity policy.
- The employees should be given basic knowledge of this domain. This will ensure that the employees are at least aware of all the possible threats and will be able to deal with them at an elementary level.
Cybersecurity in the retail sector is no cakewalk. It is very complex and multidimensional. There are innumerable areas to be focused on. The
major areas targeted in the recent attacks are data theft, unauthorized access, fraud, phishing, code injection, and spoofing.