What were the most common cyber attack patterns in the retail industry in 2023?
支持… 网络安全 Awareness Month, we are examining reported incidents by industry. The focus of this article will be the retail industry.
With a wealth of payment data and countless entry points from e-commerce shops, third-party vendors and physical store locations, the retail industry is teeming with opportunities for threat actors to capitalize on for financial gain.
In fact, to nobody’s surprise, the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 100% of the reported incidents were financially motivated, and 37% specifically targeted payment card data.
So, what were the most common cybersecurity attack methods in the retail industry in 2023?
According to the 2023 Verizon DBIR, nearly 90% of all reported incidents in the retail industry were from social engineering, system intrusion or basic web application attacks.
Social Engineering and the 零售 Industry
One of the usual suspects in the cybersecurity world, social engineering is a common, 但是非常有效, 策略. Threat actors prey on human nature to manipulate individuals into exposing sensitive information. In the context of the retail industry, this can include manipulating someone into providing access to customer databases with payment card data, company network information or customer credentials.
System Intrusion and the 零售 Industry
System intrusion may seem like a straightforward concept, but it’s still a commonly reported attack pattern that many retailers aren’t completely protected from. System intrusions involve cases in which a threat actor uses technological means to gain unauthorized access to a system or database. Mostly reported as hacking or deploying malware, this attack method also includes ransomware, which is a growing issue for retailers. A recent report suggests that there was a 增加75% in the rate of ransomware attacks on the retail sector in 2022.
Basic Web Application Attacks and the 零售 Industry
一个非常简单的攻击方法, basic web application attacks are akin to a smash-and-grab in the cybersecurity world – get in, 拿上货物,离开这里. 在零售业, web applications commonly take the form of an e-commerce website or app, 还有第三方网站, 插件, 供应商和供应链, all of which can hold a treasure of payment, personal and proprietary data.
The good news is the risk of basic web application attacks can be mitigated with automated security tools, 多因素身份验证, best-practice controls and proactive incident response planning. While protective measures aren’t error-proof, they do offer some peace of mind.
This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. 其他条款包括:
- Protect Your 金融 and Insurance Data: 3 Common Cyber Attack Methods to Watch Our for in 2023
- Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Patients and Their Data: 3 Common Cyber Attack Methods to Watch Out for in 2023
- 网络安全 Awareness Month Celebrates 20 Years
It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.
About 网络安全 Awareness Month
自2004年以来, the United States and Congress have recognized October as 网络安全 Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. 今年是20周年th year anniversary of 网络安全 Awareness Month and this year’s campaign, 保护我们的世界, focuses on four ways to protect yourself, your family and your business from online threats.
相关资源
- Cisa - s保护我们的世界主页
- CISA – 4 Things You Can Do To Keep Yourself Cyber Safe
- bet9游戏平台 网络安全 Resource Library
- Verizon 2023 Data Breach Investigations Report
About bet9游戏平台 网络安全
The bet9游戏平台 cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware安全, vulnerability assessments and a robust digital forensics and incident response team. 此外,我们的 Digital 法医s and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated 网络安全 呼叫或联系团队 cybersecurity@ycdwkj666.com.