The ABCs Of Retail Cybersecurity: Protecting Assets, Brand And Customers

Chris Morales, Vectra

There’s something uniquely gratifying about a shopping bag full of new goods or a big brown box waiting on the porch. The American love affair with shopping is legendary. Whether it’s downtown, at the mall or online, we’re always looking for a deal, the latest and greatest, or something stylish.

Our national pastime has changed a lot in the last 20 years, and not always for the better. Cybercriminals like to shop online too, but they’re not looking for shoes. They want your personal and financial data…and lots of it.

The enormous volumes of valuable data created by online shopping, loyalty schemes and digital marketing represent a treasure trove for the world’s hackers and criminals. This wealth of sensitive information promises easily monetized riches and the opportunity to hold retailers ransom through malware or denial-of-service (DoS) attacks.


Online retailers are especially tempting targets for the world’s cybercriminals. They are also uniquely impacted by a successful attack. Any outage or loss of data has an immediate damaging effect on the brand and reputation they’ve worked so hard to build.

Moreover, margins in this type of business are often slim and retailers have relatively modest resources to throw at security compared to financial services institutions. This known vulnerability makes them even more attractive to cybercriminals.

Data Breaches By The Numbers

As smaller specialist sellers look to rival larger brands, they will likely introduce digital initiatives (e.g. loyalty programs) that encourage hackers to target them and their digital supply chain. POS malware and ransomware are ongoing threats to the retail sector, with new variants and exploits popping up regularly.

Retail supports one in four American jobs and contributes $2.6 trillion in total GDP impact. In the U.S. alone, there are nearly four million retail establishments that support 42 million jobs, according to the National Retail Federation.

Of those businesses, 98.6% employ fewer than 50 people, putting the majority of retail businesses squarely in the hackers’ crosshairs as small businesses with limited security resources and expertise.

With traditional retail going through huge digital transformation projects and moving towards the bricks-‘n’-clicks model, you’d have thought that cybersecurity would be a key priority for every e-Commerce organization.

Yet it still seems that far too few retailers are taking this threat seriously. This is evidenced in part by the tediously slow transition to more secure EMV (chip and PIN) card systems in the United States.

In addition to POS malware, there are many opportunities for crime in the retail sector: Return and refund fraud; DoS attacks; phishing and phone-based social engineering attacks; and web site and advertising malware.

It’s important to note that massive data breaches in other sectors can increase fraudulent activity in the retail sector; the fallout from the Equifax breach is likely to take its toll in the coming months as cybercriminals leverage stolen Personally Identifiable Information (PII) in a variety of identity theft and fraudulent account schemes.

According to a recent Citrix analysis, 40 disclosed data breaches cost the U.S. retail industry approximately $145 million in 2017, a figure which would be much larger if the costs associated with all cyberattacks could be tallied.

The U.S. retail industry matched the financial services industry in the number of breaches, coming in just behind technology and much lower than the health care sector, which saw an unprecedented number of attacks in the past year.

About 88% of the retail breaches were caused by hacking or malware, which should compel retail security leaders to take a closer look at their defensive measures.

Another compelling statistic is cited often in discussions of consumer trust: The KPMG Consumer Loss Barometer reports that 20% of big box retail customers would cancel their accounts if they were victims of a hack, regardless of retailer response. However, 55% of retailers haven’t made capital investments in info security during the past year.

Of course, it’s easy to criticize complacency when you’re not in the trenches. Retailers are under immense pressure — rising wages, global competition, the dominance of Amazon and Walmart, the difficulty of attracting and retaining skilled technical staff, and geopolitical uncertainty due to trade agreements and regulatory rollbacks.

Brands should focus on turning retail cybersecurity into a competitive advantage that protects customer trust and the bottom line.

Cybersecurity: A New Approach

One of the biggest problems facing retailers is that criminals have become adept at cloaking their attacks. Perimeter security — firewalls, malware sandboxes and intrusion prevention — is no longer enough to deter or catch determined hackers.

Attackers can get past defenses by mimicking benign traffic. But inside the network, they must behave in certain ways to carry out their crime. While these patterns of activity are often successful, they also represent an attacker’s key weakness.

What’s needed is a new cybersecurity model that employs the latest advances in artificial intelligence (AI) and machine learning. If organizations can immediately spot the tell-tale behaviors of attackers, they can isolate and eradicate them before they wreak havoc across the business.

Thanks to AI and machine learning, a new generation of security tools can automate the detection and response to the hidden cyber-attackers that so often evade corporate defenses.

When it comes to fighting cybercrime, speed is of the essence, and today it’s possible for retailers to identify attackers before they’ve had the chance to shoplift data or infect systems and devices.

By dramatically reducing the time to detect, understand and resolve cyber incidents before they impact business, retailers can safeguard their revenue and profitability, brand reputation and, most importantly, customer loyalty.

Using AI And Machine Learning To Find Attackers

By applying AI and machine learning, retailers can quickly identify where attackers are hiding and what they are doing. The highest-risk threats can be instantly prioritized by detecting the tell-tale behaviors of an attacker. Threats can be automatically scored and correlated with compromised hosts to provide a narrative of a developing attack.

AI also enables automation, which reduces the workload of retailer security analysts by speeding up incident response. At the same time, machine learning ensures threat detection and response become increasingly adept at spotting hidden and unknown threats.

Such AI-based systems are not a panacea to the problem of cyberattacks; they must dovetail with other security technologies, from cloud and data center workloads to user and IoT devices. The principle of identifying attackers by their behavior represents a sea change in the way that retailers and other businesses can combat criminals.

Thanks to new models of threat detection and response, retailers can respond much faster to stop attackers before they do damage while developing stronger safeguards for their reputation, data and consumers.

As the dynamics of trust and loyalty between brands and customers continue to shift, strategic investments in cybersecurity will have a more direct impact on business success.


Chris Morales is head of security analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise customers. He has nearly two decades of information security experience as a security industry analyst and security consultant. Morales is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
