Quick. Think fast! Which industry is the most under attack by cybercriminals?
If you guessed the financial sector, which has historically been the most targeted industry, then it’s time to update your understanding of today’s cybersecurity threats because retail has taken the top spot, according to 2016 NTT research.
(Finance, meanwhile, fell to 14th place.)
Why has retail taken the dubious honor of hackers’ most targeted industry? It has to do with two key factors: the types of data that retailers handle and the protections around that data.
The retail industry handles massive volumes of extremely lucrative data. The course of everyday business puts retailers in possession of customers’ payment card data, other financial information, and personally identifying information, including addresses and other contact details gleaned through sign-ups for rewards cards, newsletters, and other marketing tools. Such information is particularly attractive to cybercriminals because of the demand for it on Dark Web black markets, where it can easily be sold to a vast number of buyers. However, retailers often have fewer safeguards in place to protect this sensitive information than industries such as finance, where heavier regulatory burdens generally lead to greater investment in cybersecurity.
And, retailers present other unique risk factors, chief among them the following:
- Multiple, easily hacked end-points: Many attacks on retailers happen at the point-of-sale (POS) system, which is a common target for malware attacks. Growing support for EMV chip-enabled cards may mitigate this in the future, but unfortunately, the chip-and-signature protocol being adopted by US retailers is less secure than the chip-and-PIN system used elsewhere.
- High employee turnover rate: The large numbers of employees and the rapid churn typical of retail organizations generate a heavy workload for the IT administrators tasked with provisioning user credentials for new workers and deprovisioning them for those leaving the company. When admins must manually set up, manage, and delete worker accounts and access, these time-consuming, routine tasks become tempting to rush and easy to flub. Even the best people make mistakes when given too many things to get done—and a single mistake in this area can open the door to disaster. Neglecting to terminate access to systems when terminating a worker’s employment is particularly dangerous.
- Seasonal/contingent workers: Closely related to the problem of high employee turnover is the retail industry’s reliance on seasonal and contingent workers to temporarily shore up the workforce during peak sales times of the year. We have discussed the dangers that seasonal workers pose to data security before. Essentially, the provisioning and deprovisioning demands that are already problematic with regard to regular employees become even more critical with contingent workers, whose churn is higher and whose employer loyalty is generally lower.
- Contractors and supply-chain partners: Let us never forget that the $300 million Target breach originated via a breached HVAC contractor—that is to say, a third party, beyond the control of Target’s internal security teams. Hackers look for the weak link in the chain, any entry point they can exploit. This weak point often resides in the systems of third parties in the supply chain or partner network, a problem that will only grow worse as organizations become more and more connected. Retailers must not allow the vulnerabilities in their partners’ systems to affect company security.
Protecting Retail Corporations
No single security solution can prevent all attacks on a retail company’s systems. Advanced malware earns its name by being capable of overcoming many security technologies on its own. Solving the retail industry’s security woes will rely on the layering of different and complementary security technologies—antivirus and antimalware for POS systems, for example, combined with strong authentication, behavioral fraud detection, mobile authentication, and other user credential monitoring and enforcement processes for other internal systems.
IAM is a critical link in the chain. A modern IAM platform can minimize the dangers created by many of the risk factors discussed above. Homegrown systems and cobbled-together point solutions are not designed for the scale that modern retail chains demand. Automating the generation, monitoring, and termination of user access credentials for regular employees, seasonal workers, and external partners as they enter, move, and leave will go a long way toward ensuring that a retail organization does not suffer a breach through one of those weak points.
Hackers are targeting retail corporations because retailers currently offer some of the most lucrative data with some of the worst security weaknesses around. That can change as enterprises adopt IAM and tighten up user access to sensitive information. Shutting out attackers may not directly increase a business’s profits, but the millions saved through data breaches averted are well worth the investment.