What’s the retail industry receiving this holiday season? Most likely a new malicious link or document. A new IBM report revealed that attacks involving malware are prevalent, making up most of the threat activity observed across the IBM Managed Security Services client networks. Malware is the leading attack type in breaches, according to IBM X-Force Interactive Security Incidents data.

Think Twice Before Clicking

As in most other industries, attacks aimed at fooling victims into opening malicious documents or clicking on links to malicious sites are proving very successful in retail. The intent is almost always to have the victim download malware. These attacks accounted for nearly 18 percent of the total attacks observed targeting retail in 2015, according to the IBM data.

The Gift You Don’t Want That Keeps on Giving

Cybercriminals see no need to reinvent the wheel; proven attack vectors such as Shellshock and SQL injection continue to plague retailers. Although it’s been around since 1995, SQL injection is still one of the most common attacks on Web assets. It is also the second-most common known attack type associated with retail security breaches.

Named one of the threat game changers for 2014, the Shellshock vulnerability is now the No. 3 attack vector. It accounted for over 13 percent of the attacks in the retail industry in 2015.

Shifting Focus: Attackers Targeting Smaller Businesses

With security controls tightened in large enterprises, attackers are going after smaller businesses. The payoff per target may be lower, but the targets are easier and far more numerous. Analysts are finding it difficult to assess the true impact of this shift because many smaller retailers aren’t reporting the number of compromised records in their disclosures.

No Major Uptick in Retail Attacks Over Black Friday/Cyber Monday

IBM also assessed attack data from the Black Friday/Cyber Monday weekend. Those days might seem like a good time for increased attacks, but historically we haven’t seen a sharp uptick. This year fared no differently, with the daily average number of attacks that weekend only slightly above the daily average for the year.

The Financial Damage Is Escalating

As the 2015 Cost of Data Breach Study: Global Analysis reported, “While the cost of data breach stayed relatively constant for most industries, the retail sector experienced a significant increase, from $105 [per record] in 2014 to $165 in 2015.” Given the sheer volume of breaches — almost 236 million records are known to have been compromised since 2011 — that means losses in the billions.

With all the concerns plaguing the retail industry, organizations need to understand the trends and make the security investments that best respond to them. The IBM recommendations are meant to optimize security programs to stop advanced threats and protect the crown jewels.

Read the complete research report on security trends in the retail industry

More from Retail

Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies

Whether it’s online or brick-and-mortar, every new store or website represents a new potential entry point for threat actors. With access to more personally identifiable information (PII) of customers than most industries, bad actors perceive retail as a great way to cash in on their attacks. Plus, attackers can duplicate attack methods more easily since retailers share similar cybersecurity infrastructure. The good news for retail is that the cost of a data breach in the sector remains low compared to…

Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: manufacturing. For the first time in over five years, finance and insurance were not the top-attacked industries in 2021, as manufacturing overtook them by a…

Magecart Attacks Continue to ‘Skim’ Software Supply Chains

Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack. Magecart is an association of threat actor groups who target online shopping carts, mostly from within the e-commerce platform Magento. The Magecart name is derived by combining ‘Mage’ (from Magento) with ‘cart’ (shopping cart). This type of attack is especially dangerous as it only…

Omnichannel E-commerce Growth Increases API Security Risk

Today, a lot of the digital innovation we see is largely thanks to the application programming interface (API). Without APIs, rapid development would be nearly impossible. After all, the API is the link between computers, software and computer programs. But wherever there’s a link, a potential data security weakness exists. Essential for modern mobile, SaaS and web applications, APIs are nearly ubiquitous in everything from front office, back office and internal applications. By nature, however, APIs expose application logic and…