
Is Your Retail Store Vulnerable to a Cyber Attack?

Retail has always been and remains on the front line of any free market economy. Without retail, there would be no consumption, and without consumption no commerce. However, in today’s digitally driven world, retail stores are finding themselves on a new front line facing cybercriminals who are actively targeting their systems and data.

According to the 2018 SecurityScorecard report, the retail industry is the second most at-risk sector in the economy when it comes to application security. Furthermore, the report found that out of a total of 18 industry sectors, retail ranks lowest for coordinated social engineering attacks. Regrettably, this is not a new trend. The 2017 Trustwave Global Security Report found that the retail sector suffered the highest number of breach incidents. Trustwave also concluded that social engineering was the top method cybercriminals use to compromise retail environments.

Why Retailers Are Prime Targets for Hackers

It is easy to see why cybercriminals target retailers. With the majority of credit card transactions taking place at a retail store, the card data represents the modern-day equivalent of buried treasure. However, there are a few other factors that make retailers prime targets for hackers.

1 – Multi-Channel Strategy Makes Securing Data A Challenge

Retailers operating in today’s digital economy need to adopt a multi-channel approach to remain competitive. Not only do they need to maintain their physical presence, but they also need to provide online channels for their digital customers. This multi-channel strategy enhances the customer experience but also makes securing data a challenge: with customer data spread across a broad technology landscape, adequate security monitoring is difficult to achieve.

2 – Point of Sale Vulnerabilities

Point-of-sale (POS) terminals not only capture card data but have been known to contain significant vulnerabilities, which makes them a prime target for hackers. Even without such vulnerabilities, poor installation or misconfiguration of a POS device can result in a compromise. If retailers do not take rudimentary security precautions such as segmenting their networks, running the latest operating system version, and changing the manufacturer’s default passwords, they increase the number of threat vectors an attacker could use to compromise their systems.

3 – New Technologies

Retailers often deploy new technologies to introduce efficiencies into their business or grow their revenue base. However, these innovations are often additional avenues cyber intruders use to infiltrate retail technology environments. Quick Response (QR) codes, Tap-to-Pay solutions, beacon trackers, mobile management devices, and the Internet of Things (IoT) all create efficiencies in retail environments, but also provide hackers with multiple vectors into a network.

4 – Multiple Devices Across Various Locations

In larger retail environments, managing thousands of devices across hundreds of locations is a challenge. If even one unpatched device is on a network, it opens a gateway for an intruder. Further compounding the problem is technology which has reached its end of life and is no longer supported by its vendor. These older devices and applications do not receive security updates and as a result, pose a risk if they remain in use.

5 – Physical Access Vulnerabilities

Customers visiting stores in person is the fundamental principle that underlies the retail operating model. However, gaining physical access to a target is a prime objective for any hacker. Unlike the financial services or manufacturing industries, where customer movement is restricted, retail environments provide full access to the public. As such, they are a virtual playground for malicious attackers, who can roam freely and execute attacks such as gaining physical access to devices, scanning Wi-Fi networks, and manipulating QR codes and beacon trackers.

How Retailers Can Protect Themselves from Cyber Attacks

As phishing is the primary attack vector hackers use to compromise retailers, security awareness training should be a top priority for any retail business. Initiatives such as these not only help employees understand the value of protecting the organization’s data and systems; they also provide employees with the crucial cybersecurity skills they need to protect themselves online.

Retailers should also regularly conduct security risk assessments to uncover any vulnerabilities in their systems and networks. These assessments should include physical security and social engineering testing that aligns with the current threat environment and the retail operating model.

Retail organizations must also implement and follow cybersecurity best practices. These include:

  1. Implementing initiatives such as securing and segmenting their network.

  2. Ensuring their POS terminals, IoT, and any other devices run the latest operating system version and have no default passwords.

  3. Investing in a security monitoring solution to actively monitor the environment for any security-related threats or alerts.

  4. Complying with the PCI DSS standard for payment card security. 24By7Security is a certified PCI Qualified Security Assessor (QSA) company, authorized to assess businesses against the PCI DSS standard so that they can maintain high levels of ongoing security of sensitive data.
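The POS and device-management points above (network segmentation, no default passwords, current and vendor-supported software) are the kind of controls a store can check continuously from its asset inventory rather than only during an annual assessment. The following is an added example, not code from this post or from 24By7Security, that audits a constructed device inventory against those three controls and reports a finding per violation. The `Device` fields, the role names, the per-platform "latest version" table and the sample devices are all assumptions made for the example; a real deployment would feed the audit from an asset database and the vendor's release notes.

```python
"""Audit a retail device inventory for segmentation, default-credential and patch/EOL gaps."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Latest vendor-supplied OS/firmware version per platform.
# Constructed for this example; in practice this comes from vendor advisories.
LATEST_OS_VERSION = {"posos": "3.4", "apfw": "2.0", "beaconfw": "1.7", "win": "10.0"}

# Roles that handle card data must never share a VLAN with publicly reachable roles.
CARDHOLDER_ROLES = {"pos"}
PUBLIC_ROLES = {"guest-wifi", "iot"}


@dataclass
class Device:
    name: str
    role: str              # "pos", "iot", "guest-wifi", "backoffice" (assumed vocabulary)
    vlan: int
    platform: str          # key into LATEST_OS_VERSION
    os_version: str
    default_password: bool  # True if the manufacturer credential was never changed
    support_end: Optional[date] = None  # vendor end-of-support date, if known


@dataclass(frozen=True)
class Finding:
    device: str
    control: str
    detail: str


def _version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '3.10' into (3, 10) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def audit(inventory: List[Device], today: date) -> List[Finding]:
    """Return one Finding per control violation found in the inventory."""
    findings: List[Finding] = []

    # Control 1: segmentation. Map each VLAN that carries a public-facing device.
    public_vlans = {d.vlan: d.name for d in inventory if d.role in PUBLIC_ROLES}

    for dev in inventory:
        if dev.role in CARDHOLDER_ROLES and dev.vlan in public_vlans:
            findings.append(Finding(dev.name, "segmentation",
                                    f"shares VLAN {dev.vlan} with public-facing {public_vlans[dev.vlan]}"))

        # Control 2: manufacturer default credentials still in place.
        if dev.default_password:
            findings.append(Finding(dev.name, "default-password",
                                    "manufacturer default credential has not been changed"))

        # Control 3a: running behind the latest vendor release.
        latest = LATEST_OS_VERSION.get(dev.platform)
        if latest and _version_tuple(dev.os_version) < _version_tuple(latest):
            findings.append(Finding(dev.name, "outdated-os",
                                    f"runs {dev.os_version}, latest is {latest}"))

        # Control 3b: past vendor end-of-support, so no security updates at all.
        if dev.support_end and dev.support_end < today:
            findings.append(Finding(dev.name, "end-of-life",
                                    f"vendor support ended {dev.support_end.isoformat()}"))

    return findings


# Constructed sample inventory for one store.
INVENTORY = [
    Device("register-01", "pos", 10, "posos", "3.4", False, date(2027, 1, 1)),
    Device("register-02", "pos", 20, "posos", "3.1", True, date(2027, 1, 1)),
    Device("guest-ap-01", "guest-wifi", 20, "apfw", "2.0", False),
    Device("beacon-07", "iot", 30, "beaconfw", "1.7", False, date(2019, 12, 31)),
    Device("backoffice-pc", "backoffice", 40, "win", "10.0", False),
]


def findings_by_control(findings: List[Finding]) -> dict:
    """Count findings per control for a quick dashboard-style summary."""
    counts: dict = {}
    for f in findings:
        counts[f.control] = counts.get(f.control, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY, date(2020, 6, 1))
    for f in results:
        print(f"[{f.control}] {f.device}: {f.detail}")
    print(findings_by_control(results))
```

Running it against the sample inventory flags register-02 three times (it sits on the guest Wi-Fi VLAN, still has its default password, and is behind on its OS) and beacon-07 once for being past vendor support, while the correctly configured devices produce no output. Feeding the audit date in as a parameter, rather than calling `date.today()` inside, is what makes the end-of-life check reproducible in a scheduled job and in tests.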

Rema Deo

As CEO and Managing Director of 24By7Security, Inc., Rema is a highly experienced and credentialed information security professional. Among her certifications are PCI Qualified Security Assessor (QSA) from PCI SSC, Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2, Certified Information Security Manager (CISM), and Certified Information Security Auditor (CISA) from ISACA. She also holds a certificate in Cybersecurity: Technology, Application, and Policy from the Massachusetts Institute of Technology, and Certified Data Privacy Practitioner (CDPP) from Network Intelligence. She earned her MBA from Symbiosis Institute of Business Management in Pune, India, and her Bachelor of Commerce degree from the University of Bombay. Be sure to follow the 24By7Security Blog for valuable insights from Rema and her colleagues.
