October 22, 2021

A blueprint for keeping retail safe and secure

  • NDR
  • blueprint
  • retail

Ransomware is currently rated as one of the biggest threats to the IT systems of companies and organisations, according to the President of the German Federal Office for Information Security. How big is the issue? The German IT industry association Bitkom says that cyberattacks including ransomware have resulted in damages of approximately 223 billion Euros in 2020/2021.  

One industry sector being hit particularly hard is retail. According to new global research, ransomware attacks on the retail sector grew by 183% between the first two quarters of 2021. This includes an attack on German clothes retailer Waschbar, which not only forced the shutdown of its email system but also its online and telephone order processing systems. Naturally, these incidents have retailers concerned as they work tirelessly to address growing supply chain issues and labor shortages and prepare for a successful 2021 holiday season. 

The retail industry is in a critical state  

Retailers are embracing new innovations to increase efficiency and deliver superior customer experiences. But what many don’t realize is this—many of these innovations are introducing new, attractive targets for cybercriminals.  

These include:  

  • Digital Transformation: Retail businesses have been at the forefront of digital transformation, which includes the growing use of contactless transaction technology and mobile apps.  These businesses are also beginning to deploy internet of things (IoT) technology—currently, 80 percent plan to adopt or are currently adopting IoT technology, including innovations such as environment monitoring, in-store navigation, cloud-connected kiosks, and digital signage. Each of these has significantly expanded the attacked surface.  
  • Retail Automation: All retailers are looking to increase efficiency and many are turning to retail automation to deliver. Some examples in play today include self-checkouts, warehouse robots, wireless shipment devices, and automated inventory management systems, each of which adds new vulnerabilities that criminals are looking to exploit.  
  • Point of Sale (POS) Solutions: Retailers are using POS solutions to gather a variety of data including credit card numbers and personal identification numbers (PIN) for trillions of transactions every day, all of which are gold to today’s criminals.  
  • Supply Chain: In what seems like the blink of an eye, the supply chain has become a top target for cybercriminals. The European Union forecasts there will be four times more software supply chain attacks in 2021 than there were in 2020. One reason for this success is that 62 percent of attacks are exploiting a presumed trust and confidence that retailers have in their supply chain. With retailers counting on their supply chains for inventory management, order fulfillment, and software management,  the risk of exposure will only continue to grow. 
  • Insider Threat: Today 38 percent of ransomware attacks in retail are the result of insider threats and as an industry subject to higher turnover rates than others, the threat of continued incidents is significant. This vulnerability is further exacerbated by a dependency on seasonal employees and larger distribution centers.  

While retailers continue to evolve and grow increasingly more aware of these vulnerabilities, ransomware gangs are not standing idle. They fully recognize the opportunities that exist today and are actively targeting them now—in fact, many retailers have likely been comprised already and just don’t know it yet.  

Retail Attack Surface Blueprint  

With escalating threats and increasing vulnerabilities, prevention is no longer enough. Just as retailers routinely offer discounts and incentives to help drive sales, they must also implement a ransomware routine that proactively looks for hidden threats. This is where ForeNova’s Attack Surface Blueprint, delivered by NovaCommand, comes in.   

The attack surface blueprint helps businesses, across all industries, avoid becoming the next victim by seeing what the criminals see. It provides a complete view of an organization's IT landscape, including the most common exposures - and easy targets for cybercriminals.  

Built by ForeNova’s team of ransomware experts, using data gathered from thousands of enterprises, ransomware attacks, and undetected threats, attack surface blueprints give retail security professionals the intel required to move quickly and confidently in responding to threats. With visibility into your ‘attack surface,’ you can start to fight back–and beat ransomware gangs at their own game using the Network Detection and Response (NDR) solution, NovaCommand.  

Network Detection and Response  

Through a combination of machine learning, advanced analytics, and rule-based detection, NovaCommand eliminates blind spots in the network to quickly mitigate threats. 

NovaCommand is a complete NDR offering, providing retailers with deep network visibility into on-premise and cloud environments. Using ML to model the normal behavior of network traffic, NovaCommand is able to quickly identify abnormalities and then eliminate false positives. This allows teams to focus all their efforts on suspicious network traffic and activities that may represent a cyberattack. These techniques include signature analysis, malware detection, sandboxing, indicators analysis, email security, web security, machine learning, AI, deception, and asset risk analysis. 

When detected, NovaCommand prioritizes the threat and triggers the correct response actions. These response actions can be manual or automated and are enabled through tight integration with firewall vendors, endpoint protection vendors, and other security products like network access control solutions. Response actions can block ports, trigger an endpoint scan or block a port on a physical switch. NovaCommand also provides incident responders with the tools they need to make risk-based decisions and mitigate attacks in near real-time. 

There’s no doubt that the threat posed by ransomware is significant and growing. But all is not lost. Through a proactive security posture and automated threat response, retailers can uncover hidden and unknown threats to quickly close security gaps and greatly reduce strain on internal resources. The reality for all industries is that we can’t stop ransomware, but we can protect organisations from these new and persistent cyber threats. 

Ready for your custom blueprint?  

Get Your Attack Surface Blueprint