Retail is one of the top targeted industries for cyberattacks, with more than 50% of retailers having experienced a breach within the past year.1 These cyber attacks have double since 2017, putting retailers of all sizes at risk.2 Large volumes of customer data being transferred between devices and other edge locations have created a feeding frenzy where cybercriminals use all types of threats to break into these networks. Home Depot, Macy’s and Chipotle are just a few of the big players that have experienced significant breaches within the past few years.
Home Depot
POS systems were infected with malware that posed as a an anti-virus software. The cyber attackers stole debit and credit card information from more than 56 million customers.3
Macy’s
Logins and passwords were stolen from sites unrelated to the retailers allowing cyber thieves to hack thousands of customer accounts. Continuing for 6 weeks before being shut down, names and credit card numbers were stolen from the site.4
Chipotle
Cyber thieves used malware to access customers’ payment card information on POS devices for a month. Names and credit card numbers were stolen from more than 2,250 restaurants nationwide.5
Threats to Retail Edge Security
New types of attacks are constantly emerging and finding common gaps within retail network systems. Some of these gaps include inadequate vulnerability scanning, poorly designed networks and using legacy systems without the proper controls. As more resources move to the cloud, attack surfaces will continue to grow in size making it easier for cybercriminals to breach security measures that have been put in place. Some of the largest threats to the retail network landscape are:
Malware
Malware attacks continue to increase and this method of attack has also become harder to prevent. This type of cyberthreat occurs when malware is installed onto POS devices to steal large amounts of information.
Ransomware
Much like the name implies, ransomware is when cyberattackers break into an organization’s network and encrypt specific information which can only be unlocked by paying a ransom.
Third Party
This type of attack occurs when a network is infiltrated through an outside partner or vendor that has access to an organization’s systems.
Network Resilience at Remote Retail Sites
Retailers at edge store locations rely on corporate offices to provide technology and protection necessary to ensure the network is up and running. When a breach does occur in an advanced technology environment, many organizations choose to address the specific cause instead of evaluating the network as a whole. Retailers need to have full network visibility in order to ensure compliance, data security and network resilience at each location.
Lighthouse Enterprise ensures that in the event of a hack, network engineers have the ability to:
- Isolate the incident by disabling impacted network equipment through the console port
- Protect private data until the breach has been remedied
- Remediate remotely using cellular access and isolate an effected branch by disconnecting the WAN connection
Ensure that your organization is prepared during the event of a cyber attack. To learn more about how Opengear can ensure always-on access for your remote retail sites, download our whitepaper, Building a Resilient Retail Network.
1 https://www.thalesesecurity.com/2018/data-threat-report-retail
2 https://www.retaildive.com/news/us-retailers-lead-world-in-data-breaches/528873/
3 https://www.infosecurity-magazine.com/news/home-depot-to-pay-2725m/
4 https://risnews.com/macys-hit-targeted-data-breach
5 https://www.nrn.com/fast-casual/dozens-complain-hacked-chipotle-accounts