Protecting the Retail Industry With Real-Time Threat Intelligence

August 27, 2019 • The Recorded Future Team

The retail industry is a common and enticing target for threat actors. Not only do retail organizations process a massive number of financial transactions — which have historically been a major target — but they also hold large quantities of customer data in a variety of databases.

To make matters worse, the typical retail organization has a trifecta of security challenges:

  1. Many endpoints
  2. Plenty of staff
  3. High staff turnover

In this blog, we’ll take a closer look at the industry’s cyber landscape and explain how retail organizations can use threat intelligence to level the playing field.

An Industry of Shifting Cyber Tactics

At any given time, large quantities of payment card, voucher, and customer loyalty scheme data is up for sale on the dark web. Based on this alone, it’s reasonable to assume that the retail industry is heavily — and successfully — attacked by threat actors. So let’s take a look at the stats.

According to Ponemon’s 2018 Cost of Data Breach Study, retail is fifth on the list of most frequently breached industries. And that’s hardly surprising. There are, after all, plenty of retail organizations to attack, and most hold enough valuable data to excite even the most downhearted threat actor. The report goes on to explain that, on average, breaches cost retail organizations $116 per record, which is actually on the lower end of the scale — the healthcare industry comes in at #1 with a massive $408 per record. However, because retail companies hold such a large quantity of records, the total cost of retail breaches can be huge.

And it’s not just the direct costs that are problematic. On average, retail organizations see a 2.1% churn rate following a breach. That means 2.1% of their customers take their business elsewhere — not a good outcome for an industry where profit margins are often as low a 0.5%. With downsides like these, preventing data breaches is naturally a top priority for retail organizations. For that to be possible, they need to understand how breaches typically occur. According to Verizon’s 2019 Data Breach Investigations Report, the TTPs (tactics, techniques, and procedures) used by threat actors against retail organizations are evolving rapidly.

In the past, attacks against retail organizations were all about POS compromise. Now, however, retail web applications are by far the most common target, and attacks against them have an extremely high success rate. In this year’s DBIR dataset, Verizon recorded 92 security incidents relating to retail web applications, 88 of which went on to become data breaches.

Continuing the evolutionary trend, attacks against web applications are no longer targeting data at rest in databases. Instead, threat actors are using code injection (via both hacking and malware) to capture customer data as it is entered into web forms. The bottom line is simple. On top of their existing challenges, retail organizations must now defend against rapidly evolving — and often highly sophisticated — cyber threats.

Threat Intelligence for the Retail Industry

In light of all this, the retail industry has its work cut out to protect both customer and payment card data. This is where threat intelligence comes to the fore. It helps retail security teams make informed decisions about where to focus their time and resources, and what actions to take to minimize the risk posed to their critical assets and data.

While there are many applications for threat intelligence in the retail industry, there are four use cases in particular that yield huge benefits:

1. Finding and Fixing Vulnerabilities Before They Are Exploited

Many organizations approach vulnerability management as a numbers game. The more they patch, the better they feel. In reality, though, patching thousands of vulnerabilities is no use if the critical few are missed.

Retail organizations often have multiple active systems that process customer payments, and those systems are more connected than ever, Many are internet-facing, making them an enticing and readily accessible target for threat actors.

Threat intelligence helps retail organizations identify vulnerabilities that are being actively exploited and/or included in exploit kits so they can be patched urgently. This profoundly reduces the chances that a payment system will be compromised, even if they are targeted by sophisticated threat groups.

2. Going Beyond Compliance

Being compliant with PCI DSS and other relevant frameworks is essential, but it’s not enough. It’s not even close to enough. Back in 2013, Target was certified as being PCI DSS compliant just weeks before hackers installed malware on their network.

But going beyond compliance requirements can be like wandering into uncharted territory. There are thousands of potential options, and it’s not easy to know how and where to expand. Threat intelligence helps retail organizations identify and resolve areas of weakness in their security profile that aren’t covered by industry frameworks, but which will measurably reduce cyber risk.

3. Better Decision-Making

Retail organizations have very large environments to protect, often across diverse geographic locations, with lots of staff and high staff turnover. Unsurprisingly, this makes protecting them from cyber threats rather challenging.

Threat intelligence helps retail security leaders accurately measure the maturity of their cyber programs based on current, real-world cyber risk. In turn, this helps them identify which of their initiatives have the highest value to the organization, ensuring that security resources can be allocated to maximum effect.

4. Being Proactive in Defense

This is where threat intelligence really excels: it helps security teams understand what threat actors are currently doing in their industry. Not what they were doing last week, last month, or last year — but what they’re doing right now. When security teams know where and how they are most likely to be attacked, they have the chance to get there first.

Proactive security measures like advanced penetration testing, red teaming, and internal hunting can all be used to protect weak points like web applications and POS devices. Even better, when security teams have intelligence on the specific TTPs being used to compromise networks in their industry, their proactive measures can be even more targeted, thorough, and effective.

A Leg-Up on Cybersecurity

Because the potential for financial gain is so high, the retail industry consistently receives the attention of highly sophisticated, organized hacking groups. Even with reasonable security measures in place, ensuring the ongoing safety of customer and payment card data is no easy feat.

Threat intelligence helps retail organizations prioritize security initiatives and investment based on what poses the greatest real-world risk to their assets. It also helps them secure weak points — particularly POS systems and web applications — against the latest cyber threats and TTPs.

Learn More

If your organization isn’t currently using threat intelligence, here’s an easy way to get started. Sign up for our free Cyber Daily newsletter, and you’ll receive the top cybersecurity intelligence direct to your inbox each morning. That includes:

  1. Top targeted industries
  2. Most active threat actors
  3. Most exploited vulnerabilities
  4. Trending malware
  5. The latest suspicious IPs
  6. And much more

Subscribe today and use this intelligence to keep your organization — and your customers’ data — safe from cyber threats.