Retailers Must Adopt a Proactive Intelligence-Driven Security Strategy

Posted: 16th March 2018

Retailers are under siege from cybercriminals.

With the advent of e-commerce over two decades ago, the retail industry entered into the digital age where retailers have the opportunity to collect more information about their customers than ever before. Shortly after online shopping became popular, the stakes grew significantly for organizations to protect their customer information and keep their websites available.

This digital transformation did not end with the e-commerce channel as connected devices have made their way into physical stores in the form of point-of-sale (POS) systems, kiosks, and handheld devices — all designed to collect and access customer information. With the introduction of public WiFi networks in many retail chains, consumers are now using their own mobile devices to look up products, price compare, and even check out in the store. This multi-channel, digital selling experience has forced retailers to share customer information across disparate systems via the internet, exposing their business to hackers and creating a true cybersecurity challenge.

Standards Don’t Equal Security

Currently, the sheer volume of consumer information present in retail systems encourages attackers to monetize hacked data on a large scale. Cybercriminals are trading payment card, gift certificate, and loyalty/rewards program information on the internet, all stolen from retail systems. Breach horror stories at leading retailers have been widely publicized, creating consumer concern for sharing sensitive information with merchants. The significant data breaches last year hammered the bottom line for several retailers, creating hundreds of millions in damages. In addition to substantial financial losses, these acts of cybercrime severely damage brand reputation, erode consumer confidence, and ruin IT careers.

Retailers that follow the latest Payment Card Industry Data Security Standards (PCI DSS 3.0) to protect e-commerce credit card data have built a baseline defense against cybercrime. Although PCI standards are comprehensive, complying with them most likely will not protect a retailer from being breached.

Breached consumer data is frequently bought and sold on underground forums, requiring retailers to access intelligence from dark web forums where these threat actors operate. By accessing intelligence from the dark web, retailers can uncover and mitigate these attacks. Once a breach is discovered, threat intelligence can also help your security team learn more about the attackers and their motives, and possibly prevent future attacks.

That said, for every breach that involves stolen credit card data or customer information, there are thousands of other cyber threats that plague this industry in the form of distributed denial-of-service (DDoS) attacks, zero-day malware (with numbers in the millions), and typosquatting. For large retailers, suffering an e-commerce outage for even one hour on Cyber Monday can result in millions of dollars in lost revenue and eroded consumer confidence in their brand.

The only way for retailers to truly keep their business secure is to invest in proactive security techniques and technologies that alert and inform of impending threats.

Remaining Secure With Threat Intelligence

Retailers have started making investments in threat intelligence to determine the impact of these attacks, and then predict and disarm them. To ensure that a retailer’s network, application, data, and endpoints can remain secure (clean of malware and breaches), software applications and services are evolving to deal with these threats, while reducing reliance on known signatures by instead adopting other forms of detection. Monitoring for exploited vulnerabilities targeting in-store hardware gives retailers visibility into threats.

Due to the sheer number of potential threats, artificial intelligence and machine-learning technologies have become an imperative for synthesizing and displaying relevant data, creating efficiency of analysis, better security decision making, and lowering risk caused by cyberattacks.


A recent breach of retailer Forever 21 highlights the value that businesses in related industries can get from available threat intelligence. The fashion retailer only disclosed select information on the nature of the threat, but did concede that payment data processed through its POS terminals was accessed before the company discovered that the systems encryption capability was sometimes turned off. Armed with this knowledge other retailers could at the very least ensure that a similar fault or misconfiguration doesn’t affect their own POS equipment.

At Recorded Future, we provide many large retail brands with a universal threat intelligence solution for proactive security. To learn more about what Recorded Future can do for retailers, or to see our industry-leading threat intelligence solution in action, request a personalized demo.