There has been a 50% decline in the number of cyber attacks against U.S. retailers since 2012, according to IBM's 2014 Retail Research and Intelligence Report. Nevertheless, the number of records stolen from retailers remains at near-record highs—with more than 61 million records stolen from retailers by cyber attackers in 2014.
“The threat from organized cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager at IBM Security Services. “It is imperative that security leaders and CISOs, in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”
Interestingly, there were less cyber attacks around Black Friday and Cyber Monday in 2014, contrary to expectations, considering the the massive spike in retail spending during those times, according to IBM's Holiday Trends: Black Friday/Cyber Monday Research and Intelligence Report.
When looking at the two-week period (Nov. 24-Dec. 5) around those shopping days, some of the data show:
- The number of daily cyber attacks was 3,043, nearly one-third less than 2013.
- The number of breaches dropped by more than 50% from 2013 and 2014.
- In 2013, there were more than 20 breaches disclosed, including several large breaches that caused the number of records compromised to rise drastically, reaching close to 4 million.
- Over the same period in 2014, 10 breaches were disclosed, which resulted in just over 72,000 records getting compromised.
Despite this “cyber threat slowdown,” the retail and wholesale industries emerged as the top industry target for attackers in 2014. In the two years prior, manufacturing ranked first amongst the Top 5 attacked industries, while the retail and wholesale industry ranked last. This past year, the primary mode of attack was unauthorized access via Secure Shell Brute Force attacks, which surpassed malicious code, the top choice in 2012 and 2013.
The 61 million records stolen in 2014 was down from almost 73 million in 2013. However, when the data was narrowed down to only incidents involving less than 10 million records (which excludes the top two attacks over this time frame, Target Corp. and The Home Depot), the data show that the number of retail records compromised in 2014 increased by more than 43% over 2013.
While there has been a rise in the number of POS malware attacks, the vast majority of incidents targeting the retail sector involved Command Injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target. Over 2014, this Command Injection method was used in nearly 6,000 attacks against retailers. Additional methods include Shellshock as well as POS malware such as BlackPOS, Dexter, vSkimmer, Alina and Citadel.
The data for the number of records compromised and breaches disclosed were analyzed by IBM security experts and were made publicly available by Privacy Rights Clearinghouse. The remaining data came from IBM’s Managed Security services team.
[Image: IBM.com/Holiday Trends: Black Friday/Cyber Monday]