Cybersecurity is an ongoing concern for retail organizations. The retail sector is also highly regulated by compliance frameworks such as PCI-DSS.
In 2021, cyberattacks on retail and e-commerce organizations surged by 264%, according to a SonicWall report. One in every five ransomware attacks targeted a retail company.
Cybersecurity Challenges for Retailers
There are a few factors that make retail organizations specifically vulnerable to cyberattacks:
- Retail organizations experience a high volume of target attacks because of the value of credit card and consumer data. On average, the cost of stolen credit information is over $17 and $171 for a physical, cloned credit card, according to a Comparitech study.
- E-commerce encourages retailers to adopt feature-rich and ultra user-friendly websites, sometimes lacking security measures such as multi-factor authentication that create more steps for end users.
- New retail technology such as updated point-of-sale (POS) terminals, internet of things (IoT) devices and cloud-based storage creates more data, and therefore a greater attack surface for attackers to infiltrate.
Common Security Risks for Retail Companies
- PoS malware. In this type of attack, an adversary uses a tactic called RAM scraping, which targets random-access memory (RAM) to steal unencrypted credit card information in a compromised PoS device.
- Supply chain attacks. A retail organization typically works with many different third-party vendors to support its operations. Each of these vendors introduce risk and opportunity for threat actors to launch an attack. In the 2013 Target breach, for example, threat actors gained access through network credentials stolen from an HVAC company.
Limited Resources Leave Retail Organizations At Risk
While many retail organizations turn to traditional Security Information and Event Management (SIEM) platforms to detect cybersecurity threats, most organizations have limited resources to engineer the product to work effectively.
A SIEM requires regular maintenance and optimization to defend against the latest cyberattacks. In large corporations, a 24/7 Security Operations Center (SOC) staffed by a group of specialized IT security analysts sift through alerts, determine the severity of each, take action on the most important ones, and feed and maintain the system on an ongoing basis.
A modern SIEM like Blumira that combines threat detection and response capabilities provides resource-strapped retail organizations with the ability to detect and respond to threats quickly and easily.
- Deploy in minutes and hours, not weeks or months – Blumira is 5x faster to fully implement than other security solutions, increasing your time to security
- Get meaningful, high-value alerts on real threats to reduce false positives and alert fatigue for your small teams so they know what to prioritize
- Gain comprehensive visibility with third-party integrations across cloud, on-premises and cross-platform; and track trends with security reports
Cybersecurity Best Practices for Retail Companies
Securing a retail organization can seem like a daunting task — especially as industry IT leaders juggle so many different priorities.
There are some best practices that IT teams in retail can follow, even with limited budgets and staff:
Prioritize end user training. IT and security teams should know about ransomware warning signs, but so should end users. Failure to train and educate users often points to a broader issue — a lack of security culture throughout an agency. That, combined with the fact that human error is the starting point for many cyberattacks, means that organizations should make training more of a priority.
At a minimum, IT and security teams should inform staff about how to spot a phishing email. More formal security awareness training is even better, but an informal chat about what a phishing email can look like and what to do is a good first step.
Deploy Sysmon. When it comes to preventing ransomware, it’s important to have visibility into an environment. Endpoint detection and response (EDR) tools can achieve that, but they can also be expensive and out of the question for local banks and credit unions with limited budgets. System Monitor (Sysmon for short) is a free Microsoft utility that small IT teams can use to get visibility into their environments. Sysmon is part of the Sysinternals software package and provides a higher level of event monitoring than the standard Windows logs. It records events such as network connections, process creations, file hashes, and changes to the Windows Registry.
IT leaders without the budget for an EDR solution should deploy Sysmon for enhanced logging that can provide a wealth of data about endpoints. Since Sysmon is free, it does require more care and feeding than a plug-and-play paid tool. IT admins need to deploy updates as they are released and make configuration changes as necessary, but those tasks generally fall under the umbrella of standard patch management. It’s relatively easy to install and configure Sysmon in a few steps.
Implement threat detection and response. Using Sysmon and a centralized log management tool will provide some visibility into an environment and help with alerting, but small IT and security teams need to know how to respond to those alerts. A threat detection and response solution alerts IT and security teams on suspicious behavior that is indicative of a ransomware attack.
Addressing the Retail Cybersecurity Gap
Blumira is a PCI-compliant SIEM with threat detection and response that alerts your team about critical cyber threats in real-time and provides automated and actionable response capabilities that reduce the overhead associated with traditional SIEM products.