31 October 2024
By NCC Group
Rising retail cyber security risks
The holiday jingle bells are starting to ring, and consumers around the world are readying their wallets. But there's something else that should be on every retail security professional's mind: cybercriminals are also gearing up for their busiest season.
Welcome to the Golden Quarter – where opportunity meets vulnerability in the retail world.
The numbers behind the risk to retailers
Let's explore some sobering statistics. In 2024, retail data breaches aren't just costly – they're breaking records. We're seeing an 18% year-over-year increase, with the average breach now costing a whopping $2.96M. That's not a typo, and it's certainly not a gift any of us want to unwrap this holiday season.
The bad news doesn't end there, sadly. NCC Group's cyber threat intelligence team observed retail to be the second most targeted sector for ransomware attacks in 2023 and H1 2024. Our client work and analysis also suggest that organizations within the consumer markets sector (retail, leisure, hospitality) are more susceptible to ransomware attacks. You can read our 2024 retail cyber threat intelligence report for more detailed insights.
If we think about that for a moment, retailers are not just fighting off the occasional cyber-Grinch. They're dealing with dangerous, sophisticated, and prolific cyber criminals who know precisely when to strike.
Why criminals love the holiday season
Picture this: Your website is humming with more traffic than ever, your payment processors are working overtime, you're more reliant on your suppliers than at any other stage of the year, and your team is sending countless emails with sales reports and customer data. Although that just sounds like the normal stress of a high sales period, it's also a cybercriminal's dream come true.
Here's why:
DDoS attacks become needles in a haystack: With so much traffic, who can tell what's legitimate and what's not?
Phishing emails blend right in: When your people are working long hours and are under pressure to meet deadlines, spotting the fake stuff gets trickier.
Your team is stretched thin: More tasks mean less time to double-check security protocols.
Your 2024 Retail Cyber Security Checklists
Santa's not the only one making lists and shouldn't be the only one checking them twice either.
1) Update and maintain patching.
Make this non-negotiable. Routine preventative maintenance can address many known vulnerabilities.
2) Train staff on the heightened risk.
Remind them to be extra vigilant about phishing schemes and speak up if they suspect unusual activity.
3) Assemble an incident response team.
Assume an attack or breach is inevitable and put together a team now, so you're not scrambling to do so in the moment.
4) Create an incident response playbook.
Develop a plan for immediate triage. It should be brief, concise, and clear, with instructions on who does what and when, from the first few hours through the first 24 hours. A 120-page document is too long; keep it short and easily accessible. Print it out on actual paper. If the crisis plan is stored only on your on-premises SharePoint, there's a good chance you won't be able to access it once you've been compromised.
5) Take a supplier/partner inventory.
Know where your data is stored, who you're connected to, and how to sever those connections to pivot into alternatives quickly in the event a partner or service provider is compromised.
6) Conduct a rapid cyber security assessment.
Consider bringing in a third-party team to assess your status and online exposure and address the most urgent, low-hanging fruit as quickly as possible.
7) Mind the backups.
In a breach, backups are your lifeline to restoring operations. But only if you know where they're stored and how to easily access them. While restoring from backup can get you up and running, don't rush it. Without careful triage and planning, you could wind up resurrecting the threat actor.
8) Consider an Incident Response retainer.
Having an accredited incident response partner on your side can be invaluable for minimizing the impact on business operations during the Golden Quarter (or any busy spell). IR retainers can reduce the impact of a breach by nearly 60%. You'll want to get that agreement in place now so that they're onboarded and ready to go if/when the time comes. If you wait until an incident occurs, the incoming team will have a harder time mitigating the damage.
Your New Year's resolution list
Come February, it's time to start planning for next year. That is the prime time for implementing a long-term strategy to improve your posture and preparedness ahead of next season's rush.
Arrange for first responder instruction. Ensure your incident response team is fully trained on what to do and what not to do when an incident occurs.
Conduct regular security assessments. Understand your vulnerability exposure and associated risk. Now's the time to test your systems and confirm they resist the most common and likely threats.
Run proactive simulations against your monitoring and alerting capability. Conducting attack simulations and test scenarios helps teams practice procedures and build response competency and confidence in their detection capability.
Tap into threat intelligence. Stay on top of the latest threats and vulnerabilities, and make sure you're building plans in response to what's actually taking place in the wild. Otherwise, you could be wasting time on low-value, low-likelihood attack scenarios while leaving your crown jewels exposed.
Review and optimize your architecture. Implement effective segmentation and containment protocols and assess your external attack surface. Mitigate any vulnerabilities and harden defenses.
Deploy incident response tooling. Facilitating the quick triage of hosts is essential to identifying and containing a compromise. Train teams how to properly isolate and investigate a threat, collect accurate and thorough data, and remain cautious not to destroy any evidence.
Stay safe and secure this holiday season
The holidays are coming, and the best gift you can give your retail business this Golden Quarter is the gift of cyber resilience. The retail sector's cyber security landscape demands a balanced approach between immediate tactical responses and strategic long-term planning.
By implementing our recommended security measures, retail organizations can better protect their operations during the seasonal period while building lasting security resilience.
• Start with our checklist above
• Sign up for our IR retainer and workshop, and ensure help is available if you need it
• Revisit and refresh your long-term cyber strategy in February, ensuring it's fit for purpose against your cyber threat landscape
Here's the best news – You don't have to do this alone.
We believe cyber security is a team sport. You should consider NCC Group your Golden Quarter cyber security elves, as we're offering a special gift to new retail customers: complimentary Cyber Incident Readiness and Response from September to December 2024. That includes a security workshop and 24/7 access to our NCSC-approved CIR Level 1 experts—because cyber criminals don't take holidays, and neither do we.