With the UK’s High Streets floundering amid falling consumer power and rising import prices, the country’s retailers have turned towards digitalisation to improve their customer experience and find efficiency savings in a struggling retail sector. However, as Anthony Perridge points out, these opportunities don’t come without risks. Indeed, new analysis shows that the number of cyber breaches in retail more than doubled in the last year, resulting in disruption, reputational damage and significant financial losses.
Last year, health and beauty retailer Superdrug Stores admitted to a security breach that potentially compromised names, addresses and, in some cases, the dates of birth and phone numbers of 20,000 customers. The financial and reputational consequences of a cyber attack can be huge and retailers of all sizes, including Superdrug, need to ensure they can effectively respond to and recover from a cyber breach if the worst should happen.
Retailers are very tempting targets for hackers due to the sheer amount of business being done, the scale of their systems and the type of data being held. As a result, they face a multitude of threats from different cyber criminal individuals and collectives, using an ever-increasing variety of vectors and techniques.
In such a crowded environment, knowing where to direct defence activity is a large part of the problem. These businesses need cyber security teams to find a way to combine and summarise all external and internal threat data, filter out the noise, assess and prioritise threat intelligence and use that threat intelligence to act.
In cyber security, attack is the best form of defence. Therefore, the faster a team can streamline their ability to import, enrich, deploy and operationalise that information, the more chance that these actors make offensive mistakes and oversights.
Key challenges for retailers
The key challenges for retailers surround PII and payment information, spear phishing and vulnerability patching.
Personally Identifiable Information and payment information
Personally Identifiable Information (PII) and credit card data are essential to the retail industry. Every transaction involves the exchange of valuable information, and this massive amount of data makes retailers lucrative targets for threat actors. Secure payment technology helps to strengthen defences, but it’s not a silver bullet.
When attacks do happen, research by Visa shows that they result in higher impact breaches. While chip technology increases the security of Point-of-Sale transactions, it does nothing to protect Card Not Present transactions involved in the e-commerce side of the business.
Many of the top threats to the retail industry use spear phishing e-mails that are nearly impossible to differentiate from legitimate ones. Some campaigns engage in a rapid, wide-scale attack to target multiple merchants using a scattergun approach. Others target the merchant’s Point-of-Sale vendor or integrator to gain access. Once inside the network, they take advantage of vulnerabilities for credential takeover and privilege escalation to steal payment card data or launch ransomware attacks.
Threat actors take advantage of the fact that IT and security teams struggle to keep up with patching of their Point-of-Sale systems, e-commerce payment applications and underlying internal infrastructure. As retail merchants strive to remain competitive in this difficult market, they invest in additional digital channels, applications and technologies that add complexity to the environment, further compound patching challenges and create new vulnerabilities.
Six steps to success
Retailers need to ensure that their cyber teams are operationalising threat intelligence, thereby allowing teams to learn from industry peers and their own past experiences to discover adversarial TTPs and proactively reassess and strengthen defences to combat future attacks.
Following these six workflow steps allows retailers to successfully combat these ongoing threats.
Consolidation of all sources: Whether the information is external (eg R-CISC) or internal (eg SIEM), the threat intelligence and vulnerability data need to be kept in a central repository
Elimination: With the large amount of data and sources, it’s imperative to eliminate noise and easily navigate through vast amounts of threat data to focus on critical assets and vulnerabilities
Prioritisation: Security teams need to ensure that they prioritise what matters most for their respective environment
Proactivity: It’s important to ensure the teams are hunting for malicious activity which may signal payment card fraud, denial of service attacks and other harm to consumers and merchants
Focus: Attention on known security vulnerabilities in currently active exploits which may impact regulatory status and security posture is also a key step in ensuring proactive measures are taken
Analysis: Evaluation and response to attacks against multiple targets, including Point-of-Sale systems, e-commerce applications, new digital channels and supporting infrastructure is another important step in proactive measurement
All these steps are necessary. A robust threat intelligence platform that assists the security teams will give retailers the context and prioritisation they require to make better decisions and to accelerate detection and response in combating the biggest threat to retailers in the modern digital age.
Anthony Perridge is Vice-President (International) at ThreatQuotient