Retail’s weakness is cyber crime’s opportunity

By Bill Conner, CEO, SonicWall. 

Black Friday kicks off the festive shopping season 29 November this year, with millions of shoppers expected to take advantage of low prices. In 2018 alone, online Black Friday sales totaled $6.22bn; up 23% on the previous year’s figures. 2019 presents an excellent opportunity for retailers to not only increase revenues again, but elevate brand voice and extract valuable customer data leading to potential repeat sales later on.

Cyber criminals know retailers cannot afford disruption during the year’s peak shopping season, and their targeting of businesses at this time is a deliberate ploy to extort as much as they can. Cyber Monday 2018, for example, saw a 432% increase in ransomware attacks on the previous year alone. 

Conservative estimates place the value of customer data at around $6,600 (£5,370) per person per year, and while organisations and governments are becoming more attuned to its inherent value, cyber criminals are too. Ransomware kits have been selling on the Dark Web since 2016 for as little as $39. Access to data is often used by cyber criminals as a bargaining chip for extortion. In the first half of 2019, there was a 15% year-to-date increase in overall ransomware attacks based on the latest SonicWall threat report data.

When attacks like these happen to household brand names like Adidas, or national institutions like the NHS, the temptation for small-to-medium-size-businesses (SMBs) is to think that cyber attackers exclusively target large organisations. But SMBs are not immune, because as one famous advertising slogan has it, “You’re Worth It”. The reality is cyber attackers often focus their attention on SMBs since they are more likely to have low levels of sophistication in network security. In fact, between 2017 and 2018, 61% of SMBs experienced some kind of cyber attack resulting in average net losses of around $1.2m (£1m) because of disruption to normal services.

The problem for businesses (and SMBs in particular) is departmental siloing, an overreliance on legacy security systems, and poor security training which offers multiple points of entry for cyber criminals to gain access to sensitive information. Human error is often cited as the number one reason organizations are left exposed in this way. Human error encompasses everything from lack of vigilance to outright negligence when it comes to network security, but it is particularly a problem with email security.

Consumers themselves, of course, bear the brunt of these attacks by having their personal information compromised - but retailers can face penalties from regulatory bodies and consumer representative groups bringing litigation; especially those who are not already using threat protection technologies. The recent $225m (£183m) fine incurred by British Airways and the $135m (£110m) incurred by Marriott are testament to this. That’s why it is imperative for retailers to ensure that their security approach is as robust as possible from the outset.

What can retailers do?

As a first line of defence against cyberattacks, installing next-generation firewalls and enabling Deep Packet Inspection of SSL (DPI-SSL) to inspect encrypted traffic is always critical. However, retailers need to be vigilant, as hackers are constantly developing new ways to attack business infrastructure, and unless businesses are secured end-to-end, ransomware and other types of malware can easily find a vulnerable point of entry.

Recently, Real-Time Deep Memory Inspection™ (RTDMI) has offered a way of layering business security so retailers’ sensitive data can be protected across the board. Essentially, AI-powered technology detects and blocks malware which does not at first exhibit obvious malicious behavior but instead hides its weaponry via sophisticated encryption.

By forcing malware to reveal its weaponry in memory, where weaponry is exposed for less than 100 nanoseconds, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware with a high degree of accuracy. It is also cloud-based, automated, and utilizes multi-engine sandbox technology designed specifically to counter hostile intrusions at the gateway.

Aside from being highly accurate, RTDMI also improves sample analysis time, and since malicious code or data is detected in real time during execution, no malicious system behavior is necessary for detection. RTDMI then records and blacklists any suspicious code or data it encounters - like a body’s immune system inoculating against infection from the same disease later on.

RTDMI is most powerful when deployed as part of an integrated security platform. This way, various threats can be discovered and dealt with based on the latest real-time consolidated threat information.

Layered approaches like these allow retailers to keep on top of threat risks as they happen. It is important for retailers to begin looking at their security approaches now before the data shoplifters are in action again. After all, nothing has the potential to ruin the holiday season - for both retailers and consumers - more than compromised personal and financial data.