Quick. Think fast! Which industry is the most under attack by cybercriminals?
If you guessed the financial sector, which has historically been the most targeted industry, then it’s time to update your understanding of today’s cybersecurity threats because retail has taken the top spot, according to 2016 NTT research.
(Finance, meanwhile, fell to 14th place.)
Why has retail taken the dubious honor of hackers’ most targeted industry? It has to do with two key factors: the types of data that retailers handle and the protections around that data.
The retail industry handles massive volumes of extremely lucrative data. The course of everyday business puts retailers in possession of customers’ payment card data, other financial information, and personally identifying information, including addresses and other contact information gleaned through sign-ups for rewards cards, newsletters, and other marketing tools. Such information is particularly attractive to cybercriminals due to the demand for it on Dark Web black markets where it can easily be sold to a vast number of buyers. However, retailers often have fewer safeguards in place to protect this sensitive information than industries, such as finance, where heavier regulatory burdens generally lead to greater investment in cybersecurity.
And, retailers present other unique risk factors, chief among them the following:
No single security solution can prevent all attacks on a retail company’s systems. Advanced malware is thus named because it is advanced, capable of overcoming many security technologies. Solving the retail industry’s security woes will rely on the layering of different and complementary security technologies—antivirus and antimalware for POS systems, for example, combined with strong authentication, behavioral fraud detection, mobile authentication, and other user credential monitoring and enforcement processes for other internal systems.
IAM is a critical link in the chain. A modern IAM platform can minimize the dangers created by many of the risk factors discussed above. Homegrown systems and cobbled together point solutions are not designed for the scale that modern retail chains demand. Automating the generation, monitoring, and termination of user access credentials for regular employees, seasonal workers, and external partners as they enter, move, and leave will go a long way toward ensuring that a retail organization does not suffer a breach through one of those weak points.
Hackers are targeting retail corporations because retailers currently offer some of the most lucrative data with some of the worst security weaknesses around. That can change as enterprises adopt IAM and tighten up user access to sensitive information. Shutting out attackers may not directly increase a business’s profits, but the millions saved through data breaches averted are well worth the investment.