In the highly competitive retail market, businesses are leveraging technology to strengthen brand loyalty and enhance consumer experiences in ways that only science fiction writers could have imagined 40 years ago. Storefronts are eliminating the checkout process, augmented reality is reducing return rates and virtual marketplaces are offering new consumer experiences. But as retailers digitize operations to differentiate customer experiences, they also face a growing wave of cyber threats targeting sensitive customer data and critical business systems.
Findings from Trustwave’s Retail Sector Risk Radar Report highlight the sophistication of today’s malware and phishing tactics, as well as the risks posed by supply chain vulnerabilities. Achieving revenue growth and ensuring strong defenses require decisive decision-making, but history has shown that this can also inadvertently expose businesses to additional risks. To protect themselves, businesses must take proactive measures to secure their operations in an increasingly hostile digital landscape.
Malware Threats Exploit Everyday Retail Tools
Recent malware attacks targeting retail platforms are becoming more sophisticated and disruptive, exploiting tools and software that retailers depend on daily. In April 2024, Ticketmaster suffered a substantial data breach for which the hacking group ShinyHunters claimed responsibility. The attack exfiltrated data from more than 500 million customers, including phone numbers, email addresses, credit card numbers and event tickets.
The attacks only continued — in July, Neiman Marcus Group was among several companies affected by attacks targeting users of the cloud-based data storage platform Snowflake. While attackers target retailers across verticals, food- and event-oriented retail have been highly targeted. At the end of the day, threat actors follow the money and utilize the lowest-effort channels to reach it.
Advertisement
As such, cybercriminals are finding insidious ways to embed malicious code into widely used platforms like Facebook Business accounts and Microsoft Teams, which are essential for customer communications, marketing and operational efficiency. Ransomware groups like Play and LockBit have established themselves as significant threats, with Trustwave’s research revealing that ransomware attacks targeting U.S. retailers accounted for 62% of such incidents globally.
These groups often infiltrate endpoint devices, including point-of-sale (POS) systems, employee laptops and mobile devices used for customer service. By adapting methods to target the critical tools retail teams rely on most, threat actors are able to disrupt business operations and demand payment, typically in hard-to-trace cryptocurrencies.
To counter these evolving threats, retailers should prioritize endpoint security by deploying advanced monitoring systems that detect unusual behavior and halt attacks early. Regular software updates, strict access controls and network segmentation also can significantly reduce risk. Additionally, proactive threat intelligence programs have proven effective in identifying vulnerabilities in nearly half of all cases before breaches occur, demonstrating the importance of taking a proactive, intelligence-driven approach to cybersecurity.
Social Engineering: The Human Target
Trustwave’s findings show that 58% of all initial access techniques in retail incidents stem from phishing attacks, making it one of the most prominent threats. Phishing is a common cyber threat that targets individuals and organizations by tricking them into providing sensitive information or clicking on a malicious link.
For retail leaders and employees, phishing often takes the form of social engineering threats, which leverage emails, texts or phone calls that appear to come from trusted sources, such as a supervisor, supplier or even a customer. Social engineering attacks prey on human behavior to breach defenses and tactics to trick employees into clicking malicious links or sharing sensitive information are ever-evolving.
Retailers can mitigate this risk by investing in adaptive email security systems capable of analyzing and intercepting phishing attempts. Equally important is educating employees on how to recognize and respond to these schemes. While phishing simulations may help reduce successful attacks, ongoing employee education is one of the most necessary lines of defense. Hackers are learning to think more like retail employees but — by combining technology with continual training — retailers can learn to think more like hackers, too, and strengthen defenses against social engineering schemes.
Securing the Supply Chain Against Vulnerabilities
The reliance on an extensive supply chain creates a critical vulnerability for retailers. Just this past year, prior to Thanksgiving, Ahold Delhaize — the parent company of U.S. grocery chains including Food Lion and Hannaford — detected a cybersecurity issue within its U.S. network. The company shut down some technology systems across its brands, including pharmacy and ecommerce operations, leading to product shortages at Stop & Shop locations.
Third-party vendors often lack the robust security measures needed to prevent breaches, creating an easy entry point for attackers. Retailers must continuously monitor the security practices of partners and vendors to mitigate risks. These rigorous vetting processes should include cybersecurity audits and contractual obligations to security standards.
Encrypting data and limiting access to only those who need it further protects sensitive information. Continuous monitoring of vendor activity also ensures that risks are identified and addressed promptly, creating a more resilient supply chain capable of withstanding cyber threats.
Redefining the Customer Experience Through Trust, Security
As cyber threats grow in sophistication and scale, retailers must prioritize resilience as a cornerstone of their digital transformation. The strategies outlined here — bolstering endpoint defenses, enhancing employee training, securing supply chains and embracing proactive threat intelligence — will help to position the retail sector for success as cyber threats continue to evolve.
Looking ahead, retailers have an opportunity to redefine the customer experience through trust and security. By integrating advanced fraud detection and committing to continuous innovation in cybersecurity, retailers can stay ahead of emerging threats while maintaining consumer confidence.
Kory Daniels, Chief Information Security Officer at Trustwave, is an innovator and leader in cyber threat detection program transformation. Over the past 20 years, Daniels has overseen and supported the evolving requirements in helping organizations, from fast-growing midmarket firms to F500 global enterprises define, measure and accelerate the achievement of their security maturity targets.
