Hackers see better opportunities in exploiting the security vulnerability of retailers than in targeting financial services firms, according to the 2016 NTT Group Global Threat Intelligence Report.
According to the research, nearly one quarter (22 percent) of all cyberattacks originated from the retail market, with financial services coming in second at 18 percent. Additionally, the retail sector experienced the most attacks per client of any industry, with customers suffering nearly three times the number of attacks as financial services clients.
Why Retailers Are Particularly Vulnerable to Breaches
Retailers are prime targets because of the tremendous amount of credit card and other personal data that they process across their networks, which include endpoints such as point-of-sale (POS) devices. Each different network endpoint represents a potential security vulnerability, according to Rory Duncan, head of the security business unit at Dimension Data UK. This is especially true if a retailer isn’t using the latest security technologies and strategies, as once a hacker gains entry into the network, it’s much easier to compromise sensitive data.
Among the report’s other findings:
- U.S.-based attacks continue to increase each year, accounting for 65 percent of all attacks in 2015
- About 21 percent of attacks went after vulnerabilities that were at least three years old
- The attacks against retailers often involved “spear phishing,” which Trend Micro defines as “a targeted form of phishing in which fraudulent emails target specific organizations in an effort to gain access to confidential information.”
Defense in Depth and the Importance of Mobile Security
NTT Group recommends deploying “defense in depth,” or using multiple layers of defense rather than relying on just one or two controls to try to protect against the growing incidence of cyberattacks. Defense in depth helps protect against different security vulnerabilities at different levels of the network by presenting additional layers as one gets deeper into the network.
An essential element of defense in depth is ensuring that the increasingly important mobile channel is adequately protected. The more popular mobile becomes, the more attractive a target it is for hackers. According to Sam Phillips, vice president and chief information security officer for Samsung Business, organizations need to understand the role mobility plays in their companies and consider the risks to their businesses.
The issue of security at point of sale has prompted many U.S. retailers to follow the lead of their European counterparts by installing POS devices that can read payment cards with the added security of computer chips, as well as the older magnetic stripe cards. However, most merchants have been slow to accept chip-based cards, as more than 40 percent have yet to install EMV-capable POS devices, and only about one-fifth of merchants with the devices have turned on the EMV feature.
Convenience and Security of Samsung Pay
Merchants and consumers can quickly benefit from additional security by using Samsung Pay to make their purchases. Samsung Pay is a mobile payment service available on the latest Samsung Galaxy smartphones. By leveraging both near-field communication and the widely available magnetic secure transmission technology that most current POS terminals use, Samsung Pay enables quick adoption of more secure transactions without the expense or effort of upgrading to new payment terminals.
The NTT report serves as a good reminder that retailers are prime targets for hackers, and should re-evaluate their network defenses to ensure they’re following best practices in protecting against potential security vulnerabilities.
Learn more about why retailers are top targets for hackers, and what you can do to ensure your business is protected here.