There has been a massive uptick in targeted cyber-crime, according to a new report, with the retail industry now becoming one of the most lucrative targets.
The mid-year OverWatch report from leading cloud-delivered endpoint protection company, CrowdStrike, found that cyber-crime campaigns – in particular, ransomware – are on the rise and the retail industry has received a share of new attention.
In 2018, retail didn’t make the top 10 verticals list by prevalence in cyber-crime; by comparison, in 2019, it’s been ranked fourth, behind technology, telecommunications and non-government organisations.
CrowdStrike has a dedicated 24/7 hunting team of security experts, CrowdStrike Falcon OverWatch, that offer organisations the capability to proactively search for threats and find attacks faster than using conventional automated-only methods. The OverWatch report provides a deeper understanding of the motivations, objectives and activities of cyber criminals, aimed at informing companies on how to proactively defend themselves.
CrowdStrike Australia vice president – technology strategy, Michael Sentonas shared some tips with Retailbiz on how retailers can protect themselves from cyber criminal activity.
- Basic hygiene still matters
Retailers have a responsibility to safeguard customer data and should be constantly improving their standard security controls, according to Sentonas. “Many retail environments still need to use multi-factor authentication for example and ensure stronger password protection of security software. Understand your vulnerabilities too, through user awareness programs, checking the age of software, as well as patch and asset management,” he said.
- Leverage the capabilities of existing security tools
Retailers should investigate protection features they already have and those on offer in today’s market. “It’s unsettling to see the retail industry become severely impacted by cyber-crime because they weren’t able to activate blocking and security features already available,” he said.
- Look beyond malware
As attacks continue to evolve, retailers should be alert and prepared for threats beyond a malware problem. “In fact, 40% of all CrowdStrike detections in 2018 indicated malicious software that typically goes undetected by traditional antivirus.”
- Survival of the fastest
CrowdStrike is seeing criminals move from end to end within 18 minutes, so a key focus is responding swiftly. “At CrowdStrike, we implement the 1/10/60 challenge framework; minutes it takes us to detect, investigate and remediate an intrusion. Every second counts so it is vital to investigate as soon as an anomaly is seen.”
- Look for partners to fill the talent gap
Retailers should not rely solely on technology itself to solve cyber challenges. “Successful enterprises often take opportunity in partnering with external solution providers to fill skill shortages and ensure the best protection in a cost-effective manner.”