The end of the year is often a time of reflection. What went wrong? What went right? If you’re a retailer that experienced a security breach in 2016, you’re likely reflecting on what went wrong and seeking to identify the gaps in your security landscape. Why? Because breaches are costly.

In fact, the Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis” revealed that financial damage to online retail is escalating. In 2015, the retail sector experienced a significant increase in the cost of stolen data, from $105 per record in 2014 to $165 in 2015. In 2016, that amount rose to $172 per record in retail, substantially higher than the cross-industry average of $158.

Security Trends in Retail

A new IBM report focusing on security trends in the retail industry highlighted the threats to retailers’ networks that drive many of the data breaches responsible for this financial damage. You may be surprised to learn that many successful attacks against retailers stem vulnerabilities characterized as low-hanging fruit.

The top two attack vectors observed across IBM Managed Security Services (MSS) networks, Shellshock and SQL injection, exploit unpatched vulnerabilities. Attackers are compromising retail networks where basic security measures — identify, protect, detect and recover — have not been performed.

Read the new X-Force Report: Security Trends in the Retail Industry

Protecting Crown Jewels While Optimizing Customer Experience

As the intersection of personalization, privacy and security grows ever more complex, the challenge for retailers to protect their consumers’ sensitive information from the standpoints of both privacy and security intensifies.

Attackers targeting the retail industry are less interested in taking down a site and more focused on obtaining valuable information such as credit card data. Even if businesses are collecting, storing and using information properly, they must monitor the types of attacks targeting their networks and seek ways to mitigate the exfiltration of their consumers’ data.

For advice on how to address these threats and more insights about online retail security drawn from the recent Black Friday and Cyber Monday weekend, download the full IBM report, “Security Trends in the Retail Industry: Attackers Are Shopping for Low-Hanging Fruit.”

more from Retail

Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights.  This year, a new industry took the infamous top spot: manufacturing. For the first time…