RETAIL CYBERSECURITY

ACID Technologies helps retailers protect themselves by detecting the first signs of an impending cyberattack, as early as its planning stage, and by providing real-time, detailed alerts that enable the targeted retailers to implement effective preventive measures.

Retail cybersecurity is increasingly essential

Where in the past crime in the retail industry involved the theft of merchandise and money, it now focuses on the theft of data, particularly credit card information that retailers hold in large quantities.

Trustwave reports that in addition to the theft of credit card data, cybercriminals also have back-office systems in their sights, citing payroll and HR for direct access to company financial accounts and broader identity theft operations.

Furthermore, mobile apps and cloud storage increase retailers’ web presence, providing additional opportunities for cybercriminals seeking sensitive data to steal and sell, or encrypt and use in ransomware attacks.

These attacks join insider threats, such as copying data to portable media, and the exploitation of vulnerabilities in the retailers’ IT infrastructure. As some retailers’ infrastructures have similar characteristics, a successful attack on one can be leveraged to successfully attack others.

Deloitte identifies the following reasons behind cybercriminals’ increased attacks against the retail sector:

  • Retailers possess large databases of credit card data.
  • They increasingly rely on data-driven technologies, such as big data and sophisticated warehouse models, to improve efficiency and increase sales.
  • Many retailers are becoming active in the healthcare and pharmacy businesses, and therefore possess more sensitive data.
  • Buyers in developing countries are shifting from cash payments to electronic card payments.

Deloitte also identifies rising insider threats, due to:

  • High employee turnover rates, including seasonal employees.
  • Many stores and distribution centers.
  • Business outsourcing to third parties.

Some experts also identify social engineering as a contributing factor which can lead to successful cyberattacks against retailers.

These threats highlight the importance of a well-planned data access control policy, ensuring that access to data is authorized only to those requiring it to execute their tasks.

Retail cybersecurity is of particular importance in the holiday season

A particularly sensitive time of year for retailers is the holiday season (defined as October 1 to December 31), when sales skyrocket, and which cybercriminals often exploit.

The Holiday Season Cyber Threat Trends report issued in November 2022 by the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), examines the threat landscape facing the retail and hospitality sector during the holiday season.

The retailers shared that they were most worried about recurrent threats, with nearly 20% of those surveyed identifying phishing in particular as a threat not only in the holiday season, but year-round. However, of even greater concern was the effect of the hostile activity, with credential harvesting listed as the most shared threat in the exchange among retail members, at a rate of 42% in 2020 and 37% in 2021.

The RH-ISAC Holiday Season Cyber Threat Trends report also indicated that fraud using loyalty cards, and even more so, gift cards, was a concern, as these allow the perpetrators to remain anonymous.

Examining changes between 2020 and 2021, the report highlighted how quickly the threat landscape of the retail industry can evolve, with reference to malware, bots and vulnerabilities: Some of the threats, such as QakBot, Emotet, Agent Tesla, and Dridex remain a constant worry, while others, such as Log4Shell, emerge quickly and predictably.

Attacks in the retail sector, regardless of their origin or type, can cause severe harm to companies. Successful attacks, such as when large amounts of data are compromised, gain widespread negative publicity and damage the brand. Sales decrease; in the case of publicly traded companies, share prices drop for at least several months; and the loss of reputation also affects customer loyalty. Furthermore, additional costs may be incurred, for example, providing credit monitoring free of charge to affected customers (in some cases, millions).

An additional cost that retailers risk incurring may result from non-compliance with the Payment Card Industry Data Security Standard (PCI DSS), issued by the PCI Security Standards Council (PCI SSC) to support safe payments worldwide. Retailers failing to adhere to this standard are not only at increased risk of suffering a successful cyberattack, but also risk fines from governments that require PCI DSS compliance.

Ransomware statistics demonstrating the need for retail cybersecurity

Verizon’s 2021 Data Breach Investigations Report is based on a survey of 435 IT decision-makers in the retail industry, and focuses primarily on ransomware attacks. It identifies retail as the sector that suffered the most ransomware attacks in 2020 (with the same percentage of attacks in the education sector).

The Sophos report titled State of Ransomware in Retail 2021 stated that 44% of retailers suffered a ransomware attack in 2020, with their data encrypted in more than half the cases. The 34% who did not experience a ransomware attack in 2020 expected to experience one the following year.

The report reveals that 99% of the 165 incidents of data disclosure in the retail sector were driven by a financial motive, with payment data involved in many of the breaches, and personal data in 40% of them. The focus of the cybercriminals in 33% of the cases was credentials.

44% of retailers sustained a ransomware attack in 2020

(Sophos, 2021)

Only 9% of retailers who paid the ransom gained access to their encrypted data

(Sophos, 2021)

Retailers who paid ransom only gained access to 67% of their stolen data

(Verizon, 2021)

Rectifying the harm caused by a ransomware attack cost $1.97M on average

(Verizon, 2021)

Retailers who chose to pay the ransom in order to regain access to their data paid, on average, a sum of US$ 147,811 (Verizon, Sophos), yet only 9% of them were actually able to access their encrypted data (Sophos). Verizon adds that retailers who had paid the requested ransom recovered only 67% of the stolen data, on average, leaving a third of it lost for good.

The Verizon 2021 Data Breach Investigations Report also stated that rectifying the effects of a ransomware attack in the retail sector, when calculating downtime, people time, device and network costs, lost opportunity and more, in addition to the ransom itself, cost, on average, US$ 1.97M per attack.

ACID’s retail cybersecurity solution helps protect from potentially disastrous consequences of attacks

ACID’s retail cybersecurity solution is designed to detect and immediately alert to the first signs of impending attacks, regardless of the specific type of attack – including the most common ones targeting the retail industry, and those retailers most anticipate.

Some severe retail cyberattacks that have taken place in recent years, and which could have potentially been avoided with ACID’s effective retail cybersecurity solution, include:

  • JD Sports: The fashion retailer sustained a cyberattack in February 2023, resulting in unlawful access to the personal information of 10 million of its customers.
  • MyDeal: In October 2022, the CRM system of MyDeal, a subsidiary of Woolworths in Australia, was compromised, resulting in the exposure of 2.2 million customers’ names, addresses, phone numbers and other data.
  • Conforama: The French furniture retailer was targeted in a ransomware attack in November 2022, with the attackers, the BlackCat group, claiming to have stolen more than 1TB of data. The stolen data reportedly included, among others, financial records, credit card information of Conforama’s customers, marketing documents, strategy and logistics documents.
  • The Works: The retailer of books, toys and stationery was forced to close several of its stores and suspend replenishment deliveries temporarily following a cyberattack in April 2022.
  • Sobeys: The major Canadian food retailer (with a network of 1,500 stores under various retail names across the entire country) sustained a cyberattack in November 2022. According to employee reports accessed by Bleeping Computer, the attack locked out all computers in the affected stores; however, purchases could still be made as Sobeys’ POS and payment processing systems operate on a different system.
  • Bonobos: In 2021, Bonobos, Walmart’s menswear subsidiary, suffered a massive data breach. Data contained in a 70 GB backup file was stolen from a third-party cloud provider and posted on a hacker forum. It contained data of 7 million customers, including, among others, shipping addresses, phone numbers, 1.8 million customer accounts, and partial numbers of 3.5 million payment cards, as reported by Bleeping Computer.
  • Guess: Also in 2021, a ransomware attack was waged against Guess, the American clothing brand and retailer. Bleeping Computer reported that the stolen data included customers’ social security, driver’s license and passport numbers, as well as financial account data. Guess did not reveal any information regarding the number of customers affected and whether it had paid the ransom demanded by the cybercriminals.
  • Neiman Marcus: The American luxury retailer was hacked by a cybercriminal in 2020, who gained access to personal data of 4.6 million of the company’s customers. The breached data included names, credit card information, virtual card numbers, usernames and passwords and contact information.

The benefits of ACID’s retail cybersecurity solution

ACID’s exceptionally cost-effective retail cybersecurity solution helps retailers protect themselves from cyberattacks, keep their data safe, and potentially avoid severe negative implications in terms of financial harm and loss of reputation.

ACID deploys clusters of bots, implements advanced AI algorithms and uses client-specific keywords in several languages to detect the first signs of an attack in multiple sources, including the clear, deep and dark web, social networks and more. Its efforts often reveal information on attacks while they are still in their initial planning phase. Once such signs of an impending attack are detected, ACID alerts the targeted company in real time, providing all the available information, including screenshots of threats detected on the dark web and deep web, which clients may be reluctant or unable to access themselves. This information enables the retailer that finds itself in the crosshairs of a cybercriminal to prepare targeted countermeasures to the perceived threat.

ACID continues to monitor the sources 24/7/365, and updates the targeted company with any additional data as it becomes available, which its IT personnel can then use to fine-tune the response and mitigate the effects of the attack, or thwart it altogether.

Additionally, ACID conducts widespread monitoring activities to detect any stolen data that may be offered for sale, indicating that a company has already been breached, to enable it to take appropriate action and stop the theft.

ACID’s retail cybersecurity solution provides its clients with a layer of protection at a fraction of the cost of a data breach, and enables them to invest their resources where they are most needed to achieve business success.