December 22, 2016 By Michelle Alvarez

The end of the year is often a time of reflection. What went wrong? What went right? If you’re a retailer that experienced a security breach in 2016, you’re likely reflecting on what went wrong and seeking to identify the gaps in your security landscape. Why? Because breaches are costly.

In fact, the Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis” revealed that financial damage to online retail is escalating. In 2015, the retail sector experienced a significant increase in the cost of stolen data, from $105 per record in 2014 to $165 in 2015. In 2016, that amount rose to $172 per record in retail, substantially higher than the cross-industry average of $158.

Security Trends in Retail

A new IBM report focusing on security trends in the retail industry highlighted the threats to retailers’ networks that drive many of the data breaches responsible for this financial damage. You may be surprised to learn that many successful attacks against retailers stem from vulnerabilities characterized as low-hanging fruit.

The top two attack vectors observed across IBM Managed Security Services (MSS) networks, Shellshock and SQL injection, exploit unpatched vulnerabilities. Attackers are compromising retail networks where basic security measures — identify, protect, detect and recover — have not been performed.

Protecting Crown Jewels While Optimizing Customer Experience

As the intersection of personalization, privacy and security grows ever more complex, the challenge for retailers to protect their consumers’ sensitive information from the standpoints of both privacy and security intensifies.

Attackers targeting the retail industry are less interested in taking down a site and more focused on obtaining valuable information such as credit card data. Even if businesses are collecting, storing and using information properly, they must monitor the types of attacks targeting their networks and seek ways to mitigate the exfiltration of their consumers’ data.

For advice on how to address these threats and more insights about online retail security drawn from the recent Black Friday and Cyber Monday weekend, download the full IBM report, “Security Trends in the Retail Industry: Attackers Are Shopping for Low-Hanging Fruit.”
