Breaches in Retail are primarily carried out by organized crime and are almost exclusively financially motivated. Last year’s trend of transitioning from “card present” to “card not present” crime continues. This also drives a decrease in RAM scraper malware. Personal data figures prominently in retail breaches, and is tied with payment for the top kind of data compromised.
Data theft is scaling up
As online sales have grown over the past several years, attackers have turned their attention from Point-of-Sale devices to Web Applications. This may be because attacking a website or server that holds volumes of payment data is more efficient than infiltrating a network, searching for PoS devices and installing malware individually.
Pick up the pace on security patches
Stolen credentials and exploitable web apps were constant vulnerabilities in this industry, but only about half of vulnerabilities were patched within the first quarter after they were discovered. It’s best to handle them as soon as possible, so problems don’t become worse and cripple you later.
Safeguard all types of customer data
Payment info was some of the data most sought by attackers in this industry, since it can be quickly monetized. And since personal data like email addresses and phone numbers are often wrapped up with payment data, it can easily wind up in criminals’ hands, too. So, be sure you securely process, store and transmit both payment and personal data.
See the latest trends in cybersecurity.
Explore the results of the 2020 Data Breach Investigations Report (DBIR) and see what patterns emerged across the thousands of security incidents, from companies both big and small.
Read specific insights about your industry
Accomodation and Food Service
Arts, Entertainment and Recreation
Financial and Insurance
Mining, Quarrying, Oil & Gas Extraction & Utilities
Professional, Scientific and Technical Services
Real Estate and Rental and Leasing
Transportation and Warehousing
Understanding the threats can help manage risk effectively
The threats are real, the attackers motivated. But something stands between them and your organizations data: you and your security teams, with the insight, perspective, and tools to take action. You'll find that all right here.
Ready to see how your company rates?Get your free security rating