Hackers often use stolen credentials to break into networks. There are tools that can spot such attacks and accelerate response.

We’ve heard it again and again: when it comes to industry verticals, hackers don’t discriminate. They’ve hit healthcare providers, non-profits, government entities and the financial sector. Over the past few years, however, it is clear that one industry has been singled out as a favorite above the rest.

By gaining access to point-of-sale (POS) systems at Target, Home Depot, Neiman Marcus, Staples and Michaels, hackers have made their mark on the retail and ecommerce industry. Last year, the retail industry accounted for 79.9 percent of records stolen – totaling more than 68.2 million compromised records. The next highest industry on the list, the healthcare sector, only accounted for 9.7 percent of total records. But why do hackers continue to target retailer data?

Hackers follow the money

It’s important for retail and e-commerce brands to understand why the sector is such a valuable target for hackers; then these brands can learn how to stop breaches. There is a reason that hackers go after retailers and consumer-facing businesses – there is a massive quantity of data available to steal and then sell for profit on sites such as Pastebin.com. Every purchase, return and credit card registration is logged and stored within a retailer’s network, but hackers are no longer just looking for credit card numbers; loyalty cards and rewards memberships – which contain passwords and other personally identifiable information – can be used by hackers to turn a profit.

Retailers, both large and small, provide this bounty of data to hackers more than any other industry. Where large retailers such as Home Depot and Target collect massive amounts of data, smaller online and brick-and-mortar organizations are typically easier to breach and do not have the resources to fight back against a hacker, even once an attack is identified. Some smaller retailers have chosen to outsource management and handling of credit card data to third parties. This doesn’t mean there aren’t consequences for a small business that has a data breach. It’s the small business – not the outsource company – that will have to notify customers and risk losing customer trust. In addition, the contact information collected can be used for social engineering to perpetrate fraud.


Threats to third-party systems

If large retailers have this wealth of data, why don’t more of them do a better job of protecting it? For one, retailers themselves are not the only ones touching customer credit card numbers and personally identifiable information. The compromised POS systems that have led to retail data breaches play a major role in retailers’ security, as do mobile optimization proxies and other third-party tools used to streamline the purchasing process. Payment card industry (PCI) compliance requires segmentation and control actions between a network that handles POS data and the corporate network. For this to work properly, there must be some form of administrator access to the data and the underlying systems so that data can be reviewed and the supporting infrastructure updated. However, if a compromised credential has access to the data or the systems, network segmentation and access controls won’t stop an attack.

Shortening the time to detection and analysis

Stolen credentials (a tactic used in 76 percent of all network intrusions in 2013) are a main factor in so many breaches because these credentials give hackers the ability to move throughout a network undetected and lengthen the time-to-detection of a breach. Retailers and e-commerce brands must begin thinking and acting as if they have already been breached.


User and entity behavior analytics (UEBA or UBA) tools can help with detection. With custom algorithms and machine learning technology that strengthens over time, UEBA tools can learn to distinguish between a normal user and an attacker using the same credentials to maliciously move through a network. The sooner UEBA tools notice anomalies, the sooner a breach can be determined. If hackers are identified in an early reconnaissance stage of an attack, an organization can take steps to move and secure its confidential data before a breach occurs.

Another important part of a UEBA solution is its ability to piece together the use of compromised accounts by attackers, security alerts and asset access characteristics and behaviors. When retailers can do this and then place the events on a timeline, the time between the detection of the breach and the analysis phase by security analysts or consultants can be shortened dramatically. This can halt attackers from stealing additional data and speed up the time to containment.
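
A minimal sketch of the two ideas above, per-account baselining and stitching anomalous events into a timeline, added here as an illustration. It is not Exabeam's or any other UEBA product's algorithm; the log format, the account and host names, and the two-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline events: (timestamp, account, source host, asset accessed)
BASELINE = [
    ("2024-03-01T09:02", "svc_posadmin", "admin-ws-01", "pos-db-01"),
    ("2024-03-02T09:05", "svc_posadmin", "admin-ws-01", "pos-db-01"),
    ("2024-03-03T09:01", "svc_posadmin", "admin-ws-01", "pos-patch-01"),
    ("2024-03-01T10:15", "jsmith", "store-ws-17", "hr-portal"),
    ("2024-03-02T10:20", "jsmith", "store-ws-17", "hr-portal"),
]
# Constructed new events: the same admin credential reused from a store workstation
NEW = [
    ("2024-03-04T09:03", "svc_posadmin", "admin-ws-01", "pos-db-01"),
    ("2024-03-04T02:41", "svc_posadmin", "store-ws-17", "pos-db-01"),
    ("2024-03-04T02:44", "svc_posadmin", "store-ws-17", "pos-db-02"),
    ("2024-03-04T10:18", "jsmith", "store-ws-17", "hr-portal"),
]

def build_profiles(events):
    """Learn, per account, the sources, assets and hours seen in the baseline."""
    prof = defaultdict(lambda: {"sources": set(), "assets": set(), "hours": set()})
    for ts, acct, src, asset in events:
        p = prof[acct]
        p["sources"].add(src)
        p["assets"].add(asset)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return prof

def score(event, prof):
    """Return the ways an event deviates from its account's baseline."""
    ts, acct, src, asset = event
    p = prof.get(acct)
    if p is None:
        return ["account never seen"]
    checks = [("new source host", src not in p["sources"]),
              ("new asset", asset not in p["assets"]),
              ("unusual hour", datetime.fromisoformat(ts).hour not in p["hours"])]
    return [name for name, hit in checks if hit]

def timeline(events, prof, threshold=2):
    """Stitch events with >= threshold deviations into a time-ordered list per account."""
    out = defaultdict(list)
    for ev in sorted(events):
        reasons = score(ev, prof)
        if len(reasons) >= threshold:
            out[ev[1]].append((ev[0], ev[2], ev[3], reasons))
    return dict(out)
```

Valid credentials pass the segmentation and access controls in every one of these events; only the comparison against the account's own history separates the 02:41 and 02:44 logins from routine administration.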

What can retailers do?

Breaches happen, but they are not completely unpreventable. Retailers must remain diligent, monitoring their networks for anomalous access behaviors and activities that could be the result of a hacker using stolen credentials obtained through a malware, phishing or social engineering scheme. Better awareness of security posture will lead to quicker responses and detection, as well as better protection for customer, employee and partner data.


Exabeam provides technology designed to analyze user behavior, detect attacks and accelerate response to attacks.
