Retailers will have a lot to weather this year. While the challenge of reduced consumer spending due to inflation and rising interest rates seems the most obvious, there is another threat lurking under the surface: cybercrime. Technological advancements and their rapid adoption by retailers are opening new channels for cybercriminals to exploit.

From IoT and POS to the next generation of mobile-device-augmented payment gateways and merchant facilities (Square, etc.), attackers have myriad options for targeting merchants. As these challenges continue to grow in volume and complexity, retailers need to ensure their employees and customers are protected.

Cybercriminal impact on the retail industry

According to Sophos’ State of Ransomware in Retail report, 77% of retailers were hit by a ransomware attack globally in 2021, one of the highest rates of ransomware attacks of any industry. More than half of respondents reported an increase in the volume, complexity and impact of cyberattacks on their organisations. Cybercriminals are teaming up and borrowing from each other’s playbooks, sharing tactics, techniques and procedures to stay ahead of organisations and to make it easier to gain access to systems and payment data.

Through methods such as phishing, which tricks people into giving attackers easy access to systems and payment data, retail organisations are frequently falling victim to cybercrime. However, as retailers implement practices to increase phishing awareness, they also need to consider the industry-specific threats that are wreaking havoc in the retail sector.

New challenges are arising

The growing professionalism of criminal groups is the most significant driver behind today’s retail threat landscape; however, there are other factors adding to the cybersecurity challenge for retailers. Most retailers now need to secure multiple devices, platforms and customer-facing apps to ensure positive customer experiences and operational efficiencies across distributed sites.

Digital payments have taken over the industry, as customers choose to pay via phone rather than with cash or card. Although easier for the consumer, mobile payment gateways expand the attack surface and put more data at risk. This has led cybercriminals to target the cloud, where cybersecurity practices are often less established than those found in traditional on-premises environments. Adding to this, IoT devices in retail such as smart shelves can be used to track customers’ movements and purchase histories, and attackers who gain access to this data put customers at risk of being exploited.

Retailers are also witnessing POS systems becoming increasingly popular targets for cybercriminals. POS systems often rely on an abundance of external hardware, software and cloud-based components, and are being targeted because of flaws and vulnerabilities in those components. When a vulnerability in the software used in POS devices is exploited, it may allow a cybercriminal to deploy malware on the device, letting them extract financial data, launch a malware attack such as ransomware, or even pivot to other internal systems and block the ability to make transactions.

How can retailers protect themselves moving forward?

Retail organisations that are successfully defending against these attacks are not just using layered defences, they are augmenting their security with teams trained to monitor for breaches and actively hunting down threats that bypass the perimeter before they lead to bigger issues. To withstand cyberthreats, retailers should:

  • Install and maintain high-quality defences across all points in the environment and review security controls regularly to make sure they continue to meet the organisation’s needs.
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, retailers can outsource to a managed detection and response team to provide 24/7 support while retailers focus on their core business.
  • Prepare for the worst and have an up-to-date and practiced incident response plan in place. Retailers should also make backups and practice restoring them to ensure minimal disruption and recovery time.

Cybercriminals will continue to target retailers given their traditionally lacklustre cybersecurity efforts, and threats will only grow as technology replaces in-store interactions. New advancements in equipment and payment gateways have made it essential that retailers review and update their systems, processes and policies, while also having a strong response plan in place. By doing this, the retail industry will ensure customers, employees and organisations remain safe in 2023.

Aaron Bugal is Field CTO APJ at Sophos.