Retail cybersecurity in an evolving threat landscape

Issue 3 2021 Information Security

As a result of the Covid-19 pandemic, global online retail sales increased in 2020. According to statistics, consumers spent $861,12 billion online with US retailers in 2020, a 44% year-over-year increase from 2019. However, total retail sales only increased by 7%.

What this shows is that while consumers were spending the same amount of money, they were shopping differently. This change in consumer shopping habits parallels the types of security risks impacting digital retail business. With this in mind, retailers must work to understand how the various technological trends that are designed to keep businesses afloat could also impact the cybersecurity posture of their entire industry.


Courtney Radke.

What cyber threat trends should retailers be aware of?

There are several global trends that could lead to challenges for retailers in the coming year. With consumers likely to continue with more digital approaches to shopping, retailers must look at their industry’s place within the larger cybersecurity threat landscape.

Many retailers have adapted their business to support new cloud-based customer experiences. From releasing mobile apps to enhancing online store experiences, digital transformation became a mission-critical strategy. One example is the investment in contactless transaction technologies as a means to prevent the spread of Covid-19.

According to Fortinet’s Retail Security & Covid-19 Industry Survey 2020 Trend Report, 58% of businesses surveyed indicated that they adopted contactless transactions. While contactless transaction technologies have protected physical health, they have also created new cybersecurity hygiene risks. This is underscored by research from the latest FortiGuard Labs Global Threat Landscape Report, which noted the prevalence of IoT-based IPS detections throughout 2020.

Many contactless payment technologies use IoT to process payments faster and reduce consumer friction. But this can often lead to more issues down the line. For example, when customers choose to pay for an item by tapping their smartwatch screens, they add a new, often insecure, technology at the point of sale, opening a new door for potential cyber threats.

Advanced persistent threats (APT) persevere

As retailers continue to adopt cloud strategies, they increase their digital footprint, expanding their attack surface. However, with the increased complexity of the IT stack comes the struggle to achieve secure access. Retail IT teams often manage large networks across geographically distributed branch locations. This complexity, combined with the data they store, transmit and collect, makes retailers attractive targets for cyber criminals.

The retail industry has always been a fertile ground for collecting personal data. Cardholder data, in particular, provides a rich set of information such as cardholder name, primary account number and CVV. Malicious actors use stolen credentials to gain access to these systems and networks, disguise themselves as authorised users and harvest data.

In the second half of 2020, malicious actors persevered, increasing their APT activity. Also noted in the latest FortiGuard Labs Global Threat Landscape Report is that APT groups sought to gather personal information in bulk. One example of this is the MUMMY SPIDER group, which distributed a new version of their malware through email in the hopes of stealing account credentials and moving laterally across local networks.

An evolving threat landscape

As retailers respond to this new digitally transformed business model, they need to lay the groundwork early on to prevent cyberattacks that can negatively impact reputation and revenue. This defence strategy should involve the following elements.

Begin with a secure SD-WAN. Retailers must mature cloud security more rapidly in an increasingly complex IT stack that includes internal and external-facing applications. Software-defined wide-area network (SD-WAN) solutions can help provide additional flexibility and allow for more rapid architecture changes to support business requirements, but they often complicate (or lack) integrated security.

The challenge this creates is that retailers are either forced to add additional complexity via security bolt-ons and overlays or move forward with multi-cloud connectivity without security. Integrating security into the SD-WAN solution is the key to allow retailers to gain the performance benefits and cost-savings of SD-WAN without sacrificing security.

With Secure SD-WAN on their side, retailers can ensure that security is built into the fabric of their networks. Likewise, as traditional routers no longer provide the necessary visibility into business applications within these complex cloud infrastructures, Secure SD-WAN also solves the issue of network sprawl by prioritising business-critical traffic using high-performance traffic shaping and management profiles.

As retailers add more cloud-based applications, both for their employees and their customers, they need the enhanced network connectivity that SD-WAN provides with built-in security features to deter malicious actors.

Embrace Zero Trust Access: Adopting a Zero Trust Access (ZTA) approach is oftentimes seen as too challenging to implement and is therefore overlooked by businesses looking for ways to bolster their security effectiveness. The Catch-22: it is one of the most critical components to enabling proper cybersecurity controls within the retail space.

ZTA’s fundamental ‘trust no one’ mantra can sound like something from a spy movie. In reality, this approach focuses on controlling user and device identity and access. For retailers, taking a Zero Trust approach includes managing security issues arising from IoT devices.

A retailer-focused ZTA strategy may include implementing micro-segmentation to prevent risks associated with contactless payments and IoT. While the Payment Card Industry Data Security Standard (PCI DSS) requires retailers to segment networks that manage cardholder data, micro-segmentation can enhance security controls and create a more robust security posture that goes beyond PCI DSS compliance.

Retailers should also consider creating zones specifically designed for contactless payment technologies that allow purchase via IoT devices. By segregating the purchases made through these devices, retailers limit malicious actor movement within their networks, mitigating the risks associated with insecure wearables and other IoT devices.

Enforce strong authentication requirements: Preventing credential theft requires securing the ‘human element’. As retailers expand their customer-facing web and mobile application offerings, they need to protect themselves by first protecting their customers.

At a minimum, any web application should be configured with a minimum password length of eight characters, with at least one uppercase letter, one number and one special character. Additionally, retailers should look to require multi-factor authentication and rate-limiting on account login and creation attempts wherever possible and appropriate based on business appetite, to maximise security. Implementation of geography-based filtering is also another function that should be evaluated to track and protect against malicious attempts to access web applications.

Evolving retailer cybersecurity at the speed of business

Retailers are evolving their business models at the speed of the cloud and need their cybersecurity programmes to be equally agile. With more consumers becoming accustomed to online shopping and new digital experiences, many may never shop the same way again. To protect brand reputation and these new revenue streams, retailers must secure their digital transformation strategies from the beginning, rather than considering them to be an afterthought.

Similarly, retailers must adopt new security practices and the technologies that enable them. For every new security measure organisations put into place, cyber criminals are already looking for new ways to exploit it to gain access to sensitive systems, networks and applications. This means that retailers need dynamic and adaptive security solutions to protect their environments from attacks that continue to grow in prevalence and sophistication. Whether from an e-commerce or point-of-sale perspective, the retail industry collects, transmits, processes and stores more digital customer data than ever before. To ensure consistent and secure customer experiences, retailers must take an holistic approach to digital transformation by seeking out technology and platforms that build security into the fabric of connectivity.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.