Retailer Cyberattacks Shift From Quantity to Quality
ARMONK, N.Y. — Much to the surprise of many, cyberattacks against U.S. retailers dropped 50 percent during the past few years, according to new data from International Business Machines Corp. (IBM). However, hackers still stole nearly 61 million records in 2014.
IBM concluded this dichotomy demonstrates increasingly sophisticated and efficient cyber attackers who are now focusing more on the quality than quantity of attacks.
"The threat from organized cybercrime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager at IBM Security Services. “It is imperative that security leaders and [chief information security officers] in particular use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”
IBM also looked at the period from Nov. 25-Dec. 5, a two-week timeframe including Black Friday and Cyber Monday, traditionally when heavy sales activity is taking place. The data showed there were 3,043 daily cyberattacks during this period in 2014, nearly one-third the 4,200 daily cyberattacks seen in 2013.
Although this reduction in cyberattacks appears to be positive, IBM stressed that the retail and wholesale industries emerged as the top industry target for attacks in 2014, replacing the manufacturing industry. The technology company believes this is a "potential result of the wave of high-profile incidents impacting name brand retailers."
Last year, the primary source of cyberattacks was unauthorized access via Secure Shell Brute Attacks, surpassing malicious code, the top choices of attacks in 2012 and 2013, reported IBM.
As for the retail sector, the Armonk, N.Y.-based company pointed to command injection, or SQL injection, as the method used for the vast majority of incidents. In fact, the command injection method was used in nearly 6,000 attacks against retailers in 2014.
IBM also saw a rise in point-of-sale malware attacks against retailers last year.