Retail
NAICS 44-45

Our society, indeed the entire globe, has seen an astounding amount of change over the last couple of years. The Retail industry, on the other hand, has not, at least when it comes to breaches. As tempting as it was to simply cut and paste our findings for this industry from last year’s report, we bravely refrained from doing so. Nevertheless, while the needle has not moved very much from when we last looked at it, there are a few noteworthy findings. 

Social attacks, roughly split between Phishing (53%) and Pretexting (47%), have been on the rise over the last few years in the Retail industry: 7% in 2016, 13% in 2018, 29% this year. This accounts for Social Engineering’s position in the top three patterns. Therefore, as one might expect, Credentials are the top data type compromised in this vertical. In many cases those Credentials are later utilized to hack into servers and load ransomware (47%). Then the criminals sit back and wait for a big payday. 

One interesting finding this year is that the Malware enumeration of “Capture app data” in the Retail industry is 7 times higher than the other industries. This goes some way to explain why the System Intrusion pattern is ranked at first place in this industry. The “capture app data” functionality is one that we commonly see in Magecart-type attacks, in which the attacker will typically exploit a vulnerability, use stolen credentials to gain access to an e-commerce server and then just chill there and take a little sumpin’ sumpin’ for themselves, almost always payment card data. 

Finally, when a company in the Retail industry learns that they have become a victim, it’s via fraud detection mechanisms (e.g., Common Point of Purchase (CPP) or law enforcement) more than any other industry. This is perhaps a rather intuitive finding given the fact that retail is responsible for so many transactions, but it is noteworthy nonetheless.