Research
Cyber attacks agains US retailers declined by as much as 50 percent since 2012, but the number of records stolen from them remains at near record highs, a new IBM study shows.
IBM Security researchers recently reported that during the year cyber attackers still managed to steal more than 61 million records from retailers despite the decline in attacks, demonstrating cyber criminal’s increasing sophistication and efficiency.
According to the research, cyber attackers are using new techniques to obtain massive amounts of confidential records with increased efficiency. This is why despite the decline in the number of attacks, the perpetrators were able to impact a far greater number of victims with each incident.
“The threat from organized cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, General Manager, IBM Security Services. “It is imperative that security leaders and CISOs in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”
Surprisingly, majority of cyber attackers scaled back their hacking efforts around Black Friday and Cyber Monday, the two biggest shopping days of the year.
IBM’s Digital Analytics Benchmark, the number of daily cyber attacks during the two week period (24 November – 5 December) was 3,043, nearly one third less than the 4,200 average over this period in 2013.
In a year’s time, the number of breaches also dropped by more than 50 percent for Black Friday and Cyber Monday. In 2013, there were more than 20 breaches disclosed including several large breaches that caused the number of records compromised to rise drastically, reaching close to 4 million. Over the same period in 2014, 10 breaches were disclosed which resulted in just over 72,000 records getting compromised
Despite this “cyber threat slow down,” the retail and wholesale industries emerged as the top industry target for attackers in 2014, a potential result of the wave of high profile incidents impacting name brand retailers.
IBM need that while there has been a rise in the number of Point of Sale (POS) malware attacks, the vast majority of incidents targeting the retail sector involved Command Injection or SQL injection. The complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target.
