Around this time every year, media headlines fill up with warnings for the world’s shoppers about scam campaigns disguising cyber attacks as festive shopping marketing. This year, some retailers have gone so far as to proactively help educate their customers about the rise of phishing emails co-opting their brand, but it’s important that retailers understand the risks they are exposed to themselves.
I’m as happy as the next cybersecurity expert to see efforts towards raising cyber threat awareness among the masses, but these educational efforts only tell one side of the story of cyber threats in retail.
In recent years, threat actors have increasingly taken advantage of the widespread adoption and usage of cloud applications across the retail industry, using them to sneak malware into retail businesses.
A complex and cloud-heavy environment
Why are retail businesses so appealing to cyber criminals? Because they often hold treasure troves of personal and financial data, and there is rarely a customer interaction that doesn’t involve payment information. These treasures attract malicious actors, and are often hosted in complex tech infrastructures that are difficult to protect, and where data access and movement is difficult to monitor.
This complexity comes from the interconnection between various retail environments (marketplaces, individual e-commerce websites), plug-and-play solutions designed to enable e-commerce quickly (e.g. Shopify), payments and banking solutions and environments, and everyday collaboration and productivity tools used internally, such as CRM systems. For those still playing the brick-and-mortar game, you can add to this a network of distributed devices and workers for a pinch of extra complexity.
Nowadays, most organisations rely primarily on cloud-based tech infrastructure, and retailers are no exception in their efforts to extract all the productivity benefits that come with the cloud. A recent report by the Netskope Threat Labs revealed that employees in the retail industry use an average of 20 different cloud applications each month. Interestingly, a consumer app—WhatsApp—ranked second in the most popular applications for work collaboration in retail.
Cyber criminals are smart—they go everywhere we go—and so this growing cloud ecosystem is increasingly the source of cyber threats, to the point that the majority of malware in retail is now delivered via cloud apps rather than via the web. Over the past 12 months, 60% of all malware downloaded by retail workers came via cloud services and applications, climbing as high as 70% one month, and making retail the third most targeted industry through the cloud behind telcos and financial services.
Most cyber criminals ride malware in through familiar cloud applications we all use, but some go so far as to create fake cloud business applications that can plug into an organisation’s core applications, or allow users to sign in with their corporate login credentials (enabling them to phish the logins for other uses).
Slipping through the cracks
Cyber criminals are targeting these cloud ecosystems for multiple reasons. Primarily because they can fly under the radar and evade security controls that often do not inspect cloud traffic. And in delivering malware via cloud applications, attackers are hoping to tap one of organisations’ main weaknesses: humans.
Employees tend to naturally trust the cloud tools they use at work because they are not yet aware of the associated risks. An unknown file hosted on their Google Drive or SharePoint at work is less likely to raise suspicion than a dodgy email or an unfamiliar website asking for credentials or sensitive information, or asking them to download and open an archive file. However, anyone can open a OneDrive account, and the familiar OneDrive URL shouldn’t provide reassurance about the safety of the document being downloaded.
A lack of suspicion or caution among teams can be exacerbated in fast-paced times such as the lead-up to Christmas and Boxing Day, where staff members across departments are focused on delivery and may not be as alert as they would be in normal times.
A significant number of data breaches in Australia still originate from human error. According to the OAIC, a quarter of data breaches can be directly connected to human error, and another 70% to malicious or criminal attacks, which are, more often than not, allowed to happen because cyber criminals managed to deceive workers into giving up their credentials or sharing sensitive information and data with attackers.
Starting a cloud security journey
So, how can the retail world mitigate the risks stemming from its significant cloud usage? Here are a few recommendations industry players can consider:
- Retailers should make sure they have the technology in place to monitor web and cloud downloads by employees in real time, and identify malware that may make its way into the network.
- Continue to educate employees about the risks of opening potentially dodgy files such as executable files (.exe) or archive files (.zip, .rar), including those shared via cloud applications. For an additional level of defence, it might be worth considering automatically preventing employees from opening those files.
- Consider blocking usage or at least downloads from web sources and cloud applications that employees do not need to use for their day-to-day work, in order to decrease the risk of exposure to malware.
- Integrate cloud security into a holistic zero trust security strategy.
David Fairman is chief security and information officer APAC at Netskope.