A new study from Verizon indicates retailers are facing new cyberattack trends.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 97% of 234 analyzed cyberincidents in the retail industry (139 with confirmed data disclosure) were financially motivated. The remaining 3% were committed for fun or espionage purposes.
One of the biggest developments tracked by the DBIR is a movement away from “card present” attacks on physical card payments. POS compromises represented 6% of retail incidents in 2018, compared to 63% in 2014. The percentage of incidents represented by payment card skimmers fell to 3% from 6% in the same time period.
However, cyberattacks involving web applications comprised 63% of incidents in 2018, compared to 5% in 2014. Privilege misuse increased to 10% of incidents from 3% in the same time period. This shows that hackers are clearly shifting their attention to e-commerce payment applications, as opposed to physical POS or card reader systems located in a store or attached to a gas pump.
Most attacks (81%) involved external actors breaching retailer security systems, as opposed to internal compromises. Payment data was most frequently compromised (64%), followed by credentials (20%), and personal information (16%).
Verizon analysis suggests that EMV regulations requiring chips to authenticate transactions with physical payment cards have diminished the value proposition of card-present fraud for cybercriminals, who are instead targeting e-commerce transactions.
Moving forward, Verizon offers three recommendations for retailers seeking to avoid being victimized by cybercriminals:
more at source: https://www.chainstoreage.com/operations/study-cybercriminals-shift-approach-to-retail/