Cyberattacks Targeting the Retail Industry
Retailer data breaches are increasingly common as cyber criminals execute high-value retail cyberattacks. The retail industry is a lucrative target for attackers, given retailers’ reliance on the internet for public-facing websites and web applications.
Retail market cyberattacks can be hugely damaging to organizations, resulting in service interruptions, periods of downtime, lost sales, and data loss. For example, the National Retail Security Survey found that cyber risks dominate retailers’ risk concerns, with retailers considering e-commerce crime (29%), cyber-related incidents (27.5%), and organized retail crime (27.5%) their biggest risk priorities over the previous five years.
Different Cyberattacks That Are a Threat to the Retail Industry
Retail cybersecurity is crucial to protecting organizations from a wide range of cyberattacks. Typical forms of cyberattack on the retail industry include:
Bots Abusing Apps and Websites
One of the most prominent attack vectors targeting the retail industry is automated attacks launched by bots. Automated bot attacks enable cyber criminals to infiltrate or overwhelm web applications and websites with vast amounts of internet traffic. Many retailers also use bots to monitor their competitors, track inventories, and price-scrape products.
In February 2018, bots were used to carry out a substantial cyberattack against software development platform GitHub. It generated peak traffic of 1.35 terabits per second (Tbps), which took the website down for five minutes.
Application programming interfaces (APIs) enable retailers to simplify tasks like data sharing and system connectivity. However, APIs often are not designed with security in mind, which results in them leaking data and leaving organizations vulnerable to cyberattacks. Cyber criminals can exploit APIs through various methods, such as injection attacks, authentication hijacking, and man-in-the-middle (MITM) attacks.
Distributed denial-of-service (DDoS) attacks are a form of bot attack in which attackers use botnets to try to overload servers with vast volumes of internet traffic. A massive DDoS attack targeted Amazon Web Services (AWS) in February 2020. It amassed incoming traffic of 2.3 Tbps after cyber criminals hijacked servers running the Connection-less Lightweight Directory Access Protocol (CLDAP), which has become a common vector in DDoS attacks.
Account Takeover (ATO) Attacks
ATO attacks are a form of fraud and identity theft that occurs when a cyber criminal gains unauthorized access to a victim’s online account. The attacker then poses as the user to change their account details, launch phishing attacks, steal data or financial information, and launch broader attacks against an organization. ATOs are commonly used in conjunction with bot attacks, phishing, and social engineering techniques.
Credit Card Fraud
Retail organizations are especially susceptible to credit card fraud. Cyber criminals can hack a website to steal financial information and use other attack vectors to intercept credit card data to make unauthorized purchases or steal money. For example, one of the biggest credit card frauds in U.S. history saw hackers amass over $200 million after stealing the details of over 10,000 credit cards and creating more than 7,000 false identities.
Inventory Hoarding
Inventory hoarding is a form of bot attack in which cyber criminals target retail websites and automatically add products to shopping carts but do not complete the purchase. This process, also known as denial of inventory, prohibits genuine customers from purchasing in-demand products and prevents retailers from making sales. It can also lead to retailers requesting unnecessary stock replenishments from suppliers and manufacturers.
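The following is an added example (written for this page, not Fortinet's code) of how a retailer can detect and blunt denial of inventory: it parses constructed cart events, flags sessions that hold many units of one product without ever checking out, and computes which idle cart holds should be released back to sellable stock once a time-to-live expires. The log format, the threshold of five units and the 15-minute TTL are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed cart-event log (sample data, not from any real shop):
# timestamp session client_ip event sku quantity
CART_LOG = """\
2024-03-01T10:00:01 s1 203.0.113.5 add_to_cart SKU-100 3
2024-03-01T10:00:02 s1 203.0.113.5 add_to_cart SKU-100 3
2024-03-01T10:00:03 s1 203.0.113.5 add_to_cart SKU-100 4
2024-03-01T10:00:10 s2 198.51.100.7 add_to_cart SKU-100 1
2024-03-01T10:02:30 s2 198.51.100.7 checkout SKU-100 1
2024-03-01T10:05:00 s3 192.0.2.9 add_to_cart SKU-200 1
"""
FMT = "%Y-%m-%dT%H:%M:%S"  # assumed timestamp format of the log


def parse_log(text):
    """Turn each non-empty log line into a dict with typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, session, ip, event, sku, qty = line.split()
        events.append({"ts": datetime.strptime(ts, FMT), "session": session,
                       "ip": ip, "event": event, "sku": sku, "qty": int(qty)})
    return events


def held_units(events):
    """Units still held per (session, sku): adds minus checkouts, plus last activity time."""
    held = defaultdict(lambda: {"qty": 0, "last": None})
    for e in events:
        h = held[(e["session"], e["sku"])]
        h["qty"] += e["qty"] if e["event"] == "add_to_cart" else -e["qty"]
        h["last"] = e["ts"]
    return held


def flag_hoarding(events, min_units=5):
    """Detection: sessions holding >= min_units of one SKU with no checkout (likely bots)."""
    return sorted({s for (s, _sku), h in held_units(events).items() if h["qty"] >= min_units})


def release_expired_holds(events, now, ttl=timedelta(minutes=15)):
    """Mitigation: per SKU, units whose cart hold has been idle longer than ttl at time `now`."""
    now_ts = datetime.strptime(now, FMT)
    released = defaultdict(int)
    for (_s, sku), h in held_units(events).items():
        if h["qty"] > 0 and now_ts - h["last"] > ttl:
            released[sku] += h["qty"]
    return dict(released)
```

Session s3 abandons a single item, which is ordinary shopper behaviour, so it is not flagged, but its hold still expires and the unit returns to stock.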
Refund Fraud
Refund fraud involves a cyber criminal defrauding a retailer through the return process. Typical examples include returning stolen items in an attempt to secure cash, stealing receipts to enable falsified product returns, and using another person’s receipt to steal a product. Refund fraud results in $18.4 billion of annual losses for U.S. retailers, according to research by Appriss Retail.
Internet-of-Things (IoT) Attacks
According to Statista, by 2025, the world's installed base of connected Internet-of-Things (IoT) devices will total 30.9 billion. This offers advanced levels of connectivity but leaves organizations vulnerable to cyberattacks, as IoT devices often lack the required built-in security.
The most significant example of the threat of IoT retail market cyberattacks was the DDoS attack on Dyn, an internet performance management company, which used a botnet of infected IoT devices to flood websites with traffic.
Gift Card Hacking
Gift card hacking enables attackers to steal money, make unauthorized purchases, convert balances into real currency, and steal user login credentials to carry out more comprehensive attacks and identity fraud. These attacks typically target significant events like Christmas and Valentine’s Day and often use bots to steal sensitive information.
Point-of-Sale (POS) Cyberattacks
A POS attack targets physical transaction devices to intercept and steal financial data. It usually involves malware being deployed on devices, such as card payment machines, to capture the information they process.
Insider Threats
Insider threats are a significant risk to the retail industry because of its high employee turnover rates. Insider threats involve employees stealing corporate data or selling sensitive information to third-party organizations or competitors.
Consequences of a Data Breach
Suffering a data breach has significant consequences for organizations. These include the risk of losing customers and revenue, as well as fines and legal punishment under increasingly stringent data privacy acts. For example, the European Union’s General Data Protection Regulation (GDPR) sets out maximum fines of £17.5 million ($24.8 million) or 4% of a company’s annual global turnover for failing to adequately protect the personal data it holds.
Frequency of Cyberattacks Against Retail Companies
Cyber criminals are increasingly targeting retail companies. The industry was the number one target for cyberattacks in 2020, according to Trustwave’s Global Security Report. Of those attacks, 53% sought e-commerce card-not-present data, 27% targeted financial data, and 10% targeted user credentials.
Cybersecurity for the Retail Industry
Retail firms can protect their data and users from cyberattacks by implementing the following strategies:
Monitoring POS Systems to Check for Breaches
POS systems are a significant target of retail cyberattacks, so organizations need to use solutions that monitor suspicious or malicious activity.
Educating Employees About Cybersecurity
Employees are retail organizations’ first line of defense against cyber crime. Companies need to educate employees on the risks they face, how to spot a potential cyberattack, and the best practices they need to follow to keep their data and online accounts secure.
Testing Company Email Systems for Malware
Email security solutions can help organizations detect suspicious activity and prevent users from clicking malicious links and attachments or sharing sensitive information outside the organization. It is crucial to regularly or continuously test email systems for malicious software.
Encrypting Any Essential Data
Critical or sensitive data needs to be encrypted when being shared or stored on corporate systems. This ensures an attacker cannot read or amend the information, even if they manage to intercept or steal it.
Creating a Backup of Essential Data
Backing up essential data is also crucial to keeping information and systems secure. This is especially important in the event of a ransomware attack, which locks affected data or devices. With backups in place, organizations can restore from a backup to limit data loss and downtime.
Monitoring for Attacks and Unusual Network Activity
Antivirus and anti-malware solutions enable organizations to monitor for suspicious or unusual network activity and prevent potential cyberattacks. This is critical to preventing unauthorized access to corporate networks and stopping cyber criminals from stealing sensitive data.
Creating a Response Plan in Case a Breach Does Occur
Retailers need to have contingency plans in place that prepare them for the worst-case scenario. They need to create a response plan that outlines their strategy when a data breach occurs, including how they respond to it and the process for mitigating the attack.
How Fortinet Can Help
Fortinet solutions help retailers fight cyber crime with a comprehensive range of network and security technologies. The Fortinet Solution for Retail provides retail organizations with enhanced visibility and management of their IT networks and systems without sacrificing user experience or incurring high costs. The Fortinet retail cybersecurity solution includes tools that protect organizations’ entire attack surface, such as next-generation firewalls (NGFWs) and secure wired and wireless access points.
For more information on how Fortinet can help protect retail organizations, watch this software-defined wide-area networking (SD-WAN) demo for retail security.