True North Networks Blog
Cyber Monday 2019: How can retailers avoid cyberattacks?
Cyber Monday 2019 kicks off on 2 December, concluding the onslaught of discounts and sales commenced by Black Friday. And with the majority of the events spend occurring online, the retail sector needs to be prepared for attacks from cybercriminals seeking to access data and extort retailers. Retail Insight Network investigates how retailers are affected by cyberattacks and what they can do to protect their business this coming Cyber Monday 2019.
Cyber Monday 2019: The facts and figures
Cyber Monday 2018, in the US, experienced a 432% year-on-year increase in ransomware attacks on the previous year, according to next-gen firewalls and cybersecurity solutions company SonicWall. And this Cyber Monday 2019 is set to see an increase in these attacks.
Figures from the 2019 Cost of a Data Breach Report by IBM Security and Ponemon Institute revealed that it took, on average, 228 days for retailers to identify a breach and 83 subsequent days for retailers to contain those breaches. The Mid-Year Update: 2019 SonicWall Cyber Threat Report revealed that 4.8 billion malware attacks involving retailers was recorded by SonicWall in first half of 2019 and that there was a 45% increase in never-before-seen attack variants over 2018. SonicWall also recorded 110.9 million ransomware attacks in first half of 2019 – a 15% year-to-date increase.
How are retailers susceptible to cyberattacks?
SonicWall CEO Bill Conner says: “When attacks like these happen to household brand names like Adidas or national institutions like the NHS, the temptation for small to medium-size businesses (SMBs) is to think that cyber attackers exclusively target large organisations. But SMBs are not immune. The reality is cyber attackers often focus their attention on SMBs since they are more likely to have low levels of sophistication in network security.”
The first half of 2019 also experienced a 76% increase in encrypted threats and a 51% increase in never-before-seen attacks via PDFs and 47% via office files.
Conner adds: “The problem for businesses and SMBs in particular is departmental siloing, an overreliance on legacy security systems and poor security training, which offers multiple points of entry for cyber criminals to gain access to sensitive information. Human error is often cited as the number one reason organisations are left exposed in this way. Human error encompasses everything from lack of vigilance to outright negligence when it comes to network security, but it is particularly a problem with email security.”
The cost of cyberattacks on retail
The IBM report also stated that, on average, a retail data breach costs the global retail sector US$1.84m, with a year-on-year (y-o-y) increase of 1%. The global average per-record costs of a retail breach amounts to $119, with a y-o-y increase of 1.7%.
Conner continues: “Between 2017 and 2018, 61% of SMBs experienced some kind of cyberattack, resulting in average net losses of around $1.2m (£1m) because of disruption to normal services.
“Consumers themselves, of course, bear the brunt of these attacks by having their personal information compromised. But retailers can face penalties from regulatory bodies and consumer representative groups bringing litigation; especially those who are not already using threat protection technologies.
“The recent $225m (£183m) fine incurred by British Airways and the $135m (£110m) incurred by Marriott are testament to this. That’s why it is imperative for retailers to ensure that their security approach is as robust as possible from the outset.”
How can retailers be protected for Cyber Monday 2019?
SonicWall VP of EMEA Terry Greer-King says: “The retail sector is under constant threat of cyberattacks due to its vast repository of customer data, which cyber criminals steal in order to sell in the Dark Web. Especially in the upcoming peak shopping season, cyber criminals are likely to amp up their attacks on retailers, hoping to capitalise on their increased activity. With many retailers relying on the last quarter of the year to boost their earnings, the potential damage increases exponentially.
“Retailers, whatever their size, should adopt both preventative and recovery measures to avoid data breaches that would lead to loss of customer trust, reparation costs, reputational damage and compliance issues that would follow them well into the new year. Adopting a layered security solution that’s able to block attackers at every step of the way is the safest option for retailers to protect their business against intrusions and attacks.”
Conner concludes: “As a first line of defence against cyberattacks, installing next-generation firewalls and enabling Deep Packet Inspection of SSL to inspect encrypted traffic is always critical. However, retailers need to be vigilant, as hackers are constantly developing new ways to attack business infrastructure and unless businesses are secured end-to-end, ransomware and other types of malware can easily find a vulnerable point of entry.
“Recently, Real-Time Deep Memory Inspection has offered a way of layering business security so retailers’ sensitive data can be protected across the board. Essentially, AI-powered technology detects and blocks malware, which does not at first exhibit obvious malicious behaviour but instead hides its weaponry via sophisticated encryption.
“It is important for retailers to begin looking at their security approaches now before the data shoplifters are in action again. After all, nothing has the potential to ruin the holiday season – for both retailers and consumers – more than compromised personal and financial data.”