With access to customer data, including PII, credit card information, and purchasing history, retailers have always been in the cross-hairs of cybercriminals. According to Verizon’s 2023 Data Breach Report (DBR), the retail industry experienced 629 incidents in 2023, out of which 241 were confirmed data breaches. The main motive of these incidents was to steal customer data for financial gain.
According to Verizon’s DBIR, when it comes to how these data breaches and incidents occur, it is a roundup of the usual suspects, with both ransomware and the use of stolen credentials among the top, along with email and web applications.
At its core, the challenge retailers are facing as they embrace the latest data-driven technologies to boost productivity and enhance the customer experience, is an exponentially expanding threat surface. Rather than securing money or physical goods from a store or warehouse, retailers must now prevent cybercriminals from stealing information, especially the valuable cardholder data that flows between consumers and retailers.
It’s not just external threats that retailers face. Insider threats in retail are also rising. Recent statistics indicate that 30 percent of Chief Information Security Officers (CISOs) worldwide find insider threats to be a significant risk to their organisation’s cybersecurity. Employees are often said to be an organisation’s first line of defence against cyber attacks, but also their weakest link.
Point-of-sale (POS) systems are also an increasingly popular point of attack for acquiring transaction data, giving cybercriminals immediate access to valuable information such as card numbers and personal identification numbers.
Whether an attack is simple or sophisticated, the results can be disastrous. Retailers today must understand the potential threats, and take aggressive action to protect themselves and their customers from harm.