CYBER SECURITY
Garett Seivold, LPM Senior Writer

Garett Seivold is senior writer for LPM. A trained journalist, he has spent the majority of his career writing about security, risk management, supply chain, and loss prevention topics. He can be reached at GarettS@LPportal.com.
In Search of a Better User Experience, Retailers Create Cyber Vulnerabilities

With online shopping surging 30 percent in 2020, it’s little surprise that cyber attacks are common, with nearly 400 million customer records exposed in attacks on retailers last year, according to calculations by Bloomberg. Such events can do lasting damage—78 percent of customers indicate they would be concerned about doing business with a retailer if the company experienced a breach, according to survey findings released in November by Generali Global Assistance.

Retailers are implementing advanced security to prevent online intrusions, but as retailers expand their online operations, the sheer expanse of their attack surface makes protection difficult. Many experts point to retailers’ desire to create better user experiences—faster shopping, more personalization—as a primary challenge for retailers moving forward. To create a fast and easy shopping experience for consumers, retailers must deploy a complex web of applications. And the more applications at work, the harder it is to spot and manage vulnerabilities.
March–April 2021
Successful web application attacks pose a serious threat, accounting for 43 percent of all data breaches in 2019 and up double from the year before, according to the 2020 Data Breach Investigations Report (DBIR) by Verizon. Retail industry data tells a similar story, with web applications becoming the primary target of attacks on the retail industry. “Over the last few years (2014 to 2019), attacks have made the swing away from point-of-sale devices and controllers, and toward web applications,” according to the DBIR.

Many web applications contain a labyrinth of layers, according to Stephane Konarkowski, senior security consultant for Outpost24, a provider of vulnerability management technology. “If not designed with security in mind, they can be a breeding ground for vulnerabilities,” he wrote for the RSA Conference. In its research, Outpost24 found 3,357 publicly-exposed web applications running over 401 domains among the top retailers, with 8 percent of them considered suspect (often test environments left online and potentially providing a backdoor for bad actors) and 22 percent running on old components.

Exploitation of vulnerable web app infrastructure is one variety of the attack pattern, according to the Verizon DBIR, and the use of stolen credentials is another. Data show the two “are close competitors for first place in the hacking varieties category, and there is not a great deal to distinguish between them from a percentage point of view,” said the report. “In a perfect world, someone else’s data breach would not raise the risk to your own. However, that is increasingly not the case, with the adversaries amassing datastores of credentials from other people’s misfortune and trying them out against new victims.”

Other studies and surveys point to three other strategies that may help retailers get a better handle on current and emerging cyber threats.

Continued on page 62
LossPreventionMedia.com