(1) Which is the second most targeted industry by cyber-attacks?
(2) One-third of all login attempts on retail websites are account takeover (ATO) attempts
(3) DDoS incidents grew nearly 200% since Sep 2021, with the US being the most targeted (61.6% of all DDoS attacks in 2021)
So, which is the second most targeted industry by cyber-attacks? While banking & finance is the most targeted, not far behind is the retail industry. Yes, you read that right. The pandemic made it an immediate necessity for retailers to shift their operations almost overnight: re-purposing physical stores, moving staff to serve customers online and shifting trade completely to the digital landscape.
An industry with a heavy reliance on legacy technology was suddenly required to move at full throttle, completely overhauling the way it supported customers, as customer expectations changed significantly during this period.
The size of the prize for cyber attackers in this industry is significant given the volume of consumer data (PII) and PCI (credit card/financial data), and the constantly evolving digital landscape surrounding ecommerce has made this industry the 2nd most targeted by cyber-attacks.
The retail industry faces challenges in cybersecurity that are unique to its ecosystem. As a business, the absolute requirement to consistently adapt to customer expectations and a changing digital landscape requires constant changes in 3rd party partners, as well as mergers and acquisitions to improve customer propositions. All of this indicates a very dynamic and complex industry that needs constant monitoring and updates to stay protected at all times.
Over just the last 2 years, retailers have been targeted by ransomware attacks, data breaches and the constantly growing threat of bot abuse. The State of Ransomware in Retail 2022 report found that globally 77% of retail organizations surveyed were hit by a ransomware attack – which is a 75% increase since 2020! This is also 11% higher than the average attack rate of 66% across all industries.
In recent years, an increasing number of incidents resulting in significant losses have been reported, especially across customer-facing industries. Incidents like Target Red Card, Unisys Red-Day and British Airways highlight the actual loss of business as well as the fines and settlements that are being paid to impacted customers, especially for data breaches.
Earlier measurements of risk, which are scorecard or rating based, do not provide realistic, business-impacting financial numbers that can be acted on – which is why cyber risk quantification (CRQ) has become the need of the hour to give retailers clarity on how to avoid losses, track and make the right investments to protect themselves from different types of cyber-attacks.
While multiple solutions exist that provide cybersecurity teams with an inside-out and outside-in approach to CRQ, they struggle to get the buy-in and seriousness required from leaders. One of the key reasons is speed and scale, as well as the specificity and context of the dynamic and ever-changing retail industry.
At Alfahive we have created a Cyber Risk platform called RiskNest™ that uses a unique industry-led approach to cyber risk quantification (CRQ) by identifying and mapping the specific cyber risks to the relevant business processes contextualised to the retail industry. This is done using real-time mapping across extensive data sources, Machine Learning technology and by using quantification algorithms to predict the likely loss in the case of an event.
Having some static data and support on cyber risk and cyber security solutions is one thing. Yet having automated, data-driven insights that incorporate changes and instantly produce financial quantification information, mapped to your specific industry, is what gives CISOs in the retail industry the edge to make well-informed, quick and better decisions, so that the company can focus on what it does best – ace the retail industry and grow to be a top retailer!