![\"Retail](\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\")
<\/a><\/p>\n<\/p>\n
Data breaches are becoming more prevalent these days, and the retail sector is definitely seeing its share of attacks. Most recently, a historic data breach impacted up to 1.85 million \u2018The Good Guys\u2019 customers. IBM recently revealed its \u2018X-Force Threat Intelligence Index 2023\u2019 report. According to the 2023 report, the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers last year.\u00a0 \u201cThe retail and wholesale industry was the fifth-m<\/p>\n
![](\"https:\/\/i0.wp.com\/insideretail.com.au\/wp-content\/themes\/irau\/assets\/images\/ir_circle.png?w=640&ssl=1\")
\n <\/div>\nThis article is for the Professionals<\/h2>\n
Only $5+GST\/month for the first 3 months<\/p>\n
Already a professional? Log in<\/span>\n <\/div>\n<\/p><\/div>\n<\/p><\/div>\n ifth-most targeted industry, accounting for 8.7% of all attacks among the top 10 industries, up from 7.3% in 2021,\u201d Luq Niazi, Global Managing Partner, Industries at IBM, told Inside Retail.<\/p>\n Phishing on the rise<\/p>\n He went on to say that one of the most concerning aspects of the report is the prevalence of spear phishing emails with a malicious link as an initial access vector for attacks on the retail industry, accounting for 33 per cent of all attacks.\u00a0<\/p>\n \u201cThis highlights the need for improved employee training and cybersecurity awareness in the industry. The top impacts of these attacks were extortion (50 per cent), credential harvesting (25 per cent), and financial loss (25 per cent).<\/p>\n Niazi feels that given the significant amount of sensitive information and financial transactions involved in the retail industry, it\u2019s not surprising that it\u2019s an attractive target for cyber attackers.<\/p>\n Being proactive<\/p>\n According to him, for retailers and wholesalers, the speed of their response time to a cyberattack can mean the difference between minimal impact on their supply chain and significant disruption.\u00a0<\/p>\n \u201cWith a complex network of suppliers and partners, a breach in security can quickly spread and cause harm to the entire system. Retailers must rapidly respond to a cyberattack to protect their customers\u2019 sensitive information and financial data,\u201d he explained.<\/p>\n He is of the opinion that retailers and wholesalers can invest in endpoint or extended detection and response technologies that can detect potential threats and stop them in their tracks before they cause any significant harm.<\/p>\n The state of affairs<\/p>\n Niazi feels that cybercriminals are becoming more sophisticated, and their methods for tricking users into clicking malicious links are evolving.<\/p>\n \u201cIn these attacks, for example, a cybercriminal may intercept an ongoing email thread between a retailer and a supplier, and then inject a message containing a phishing link that appears to be from the supplier,\u201d he added.<\/p>\n In this case, the retailer may be more likely to click on the link because it appears to be part of a legitimate conversation, which could result in a data breach, financial loss, or other serious consequences.\u00a0<\/p>\n Remaining vigilant<\/p>\n At the end of the day, Niazi feels retailers, brands, and marketers need to embrace a new mindset that prioritises cybersecurity and risk management.\u00a0<\/p>\n \u201cRather than thinking of cybersecurity as an afterthought or something that can be dealt with after a breach occurs, businesses should adopt a proactive approach that focuses on prevention and mitigation,\u201d he opined.<\/p>\n He reiterated that one key mindset change that businesses should embrace is a shift towards a \u201csecurity-first\u201d culture. This means that cybersecurity should be integrated into all aspects of a business, from product design to marketing strategies.\u00a0<\/p>\n How to prevent attacks<\/p>\n Niazi feels that retailers can take several steps to prevent cyberattacks and protect their sensitive data and networks. The first step is to implement a zero-trust strategy, as phishing attacks with malicious links remain the most common in the retail sector.<\/p>\n \u201cRetailers should implement strong multi-factor authentication (MFA) to prevent unauthorised access and limit the impact of a potential attack,\u201d he said.<\/p>\n Additionally, he feels that retailers should regularly monitor their systems, restrict access to servers and applications to the minimum required for users to carry out their jobs.<\/p>\n Moreover, retailers should have network designs that can contain the impact of a breach and be confined to a specific region.<\/p>\n AI-infused attacks<\/p>\n Beyond more traditional cyber attacks, Niazi believes that businesses should be ready for the potential of AI-powered attacks becoming more common in future. Cybercriminals are increasingly using AI to identify vulnerabilities in systems, automate attacks, and create phishing scams that appear more realistic.<\/p>\n \u201cThis is a concerning trend because it means that attacks can happen faster and with greater precision, making it more difficult for businesses to detect and respond to them,\u201d he observed.<\/p>\n Moreover, supply chain attacks are also a growing concern for businesses in the retail industry. Cybercriminals are targeting third-party vendors and suppliers to gain access to the networks of larger organisations.\u00a0<\/p>\n \u201cThese attacks can be difficult to detect and can lead to large-scale breaches. To protect themselves against these and other emerging threats, businesses in the retail industry should invest in robust cybersecurity systems and protocols,\u201d he concluded.<\/p>\n<\/div>\n