-
Frequency
629 incidents, 241 with confirmed data disclosure
Top patterns
System Intrusion, Social Engineering and Basic Web Application Attacks represent 84% of breaches
Threat actors
External (87%), Internal (13%) (breaches)
Actor motives
Financial (98%), Espionage (2%) (breaches)
Data compromised
Credentials (45%), Personal (27%), Other (25%), Payment (24%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)
What is the same?
These organizations continue to be impacted by a variety of threat actors that leverage a range of tactics such as deploying malware to capture credit cards being processed by webforms and more common tactics like phishing.
Summary
The Retail industry is experiencing the same types of attacks they suffered last year; Use of stolen credentials, Phishing and Ransomware.
Retail
NAICS 44-45
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
Basic Web Application Attacks
No change
Less
Social Engineering
No change
Greater
System Intrusion
Greater
No change
-
Pattern
Difference with peers
System Intrusion
Greater
Social Engineering
Greater
Basic Web Application Attacks
Less
-
Our society, indeed the entire globe, has seen an astounding amount of change over the last couple of years. The Retail industry, on the other hand, has not, at least when it comes to breaches. As tempting as it was to simply cut and paste our findings for this industry from last year’s report, we bravely refrained from doing so. Nevertheless, while the needle has not moved very much from when we last looked at it, there are a few noteworthy findings.
Social attacks, roughly split between Phishing (53%) and Pretexting (47%), have been on the rise over the last few years in the Retail industry: 7% in 2016, 13% in 2018, 29% this year. This accounts for Social Engineering’s position in the top three patterns. Therefore, as one might expect, Credentials are the top data type compromised in this vertical. In many cases those Credentials are later utilized to hack into servers and load ransomware (47%). Then the criminals sit back and wait for a big payday.
One interesting finding this year is that the Malware enumeration of “Capture app data” in the Retail industry is 7 times higher than the other industries. This goes some way to explain why the System Intrusion pattern is ranked at first place in this industry. The “capture app data” functionality is one that we commonly see in Magecart-type attacks, in which the attacker will typically exploit a vulnerability, use stolen credentials to gain access to an e-commerce server and then just chill there and take a little sumpin’ sumpin’ for themselves, almost always payment card data.
Finally, when a company in the Retail industry learns that they have become a victim, it’s via fraud detection mechanisms (e.g., Common Point of Purchase (CPP) or law enforcement) more than any other industry. This is perhaps a rather intuitive finding given the fact that retail is responsible for so many transactions, but it is noteworthy nonetheless.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.