The pandemic has accelerated digital transformation for retailers and further shifted consumer buying habits online, which has expanded their attack surface and heightened the number of vulnerabilities and risks of a breach. This breach should serve as a reminder for all retailers to evaluate their security processes.
Many retailers are relying on new systems that were built on the fly as organizations adapted to the customer requirements of the pandemic. As a result, these systems often haven’t been properly tested in high-volume transaction environments before. Speed is the natural enemy of security, and retailers must beware of increased risks of DDoS attacks, ransomware, fraudulent purchases, phishing campaigns impersonating retailers.
Retailers can adopt a “neighborhood watch” approach to security, engaging outside ethical hackers and even the general public to proactively disclose vulnerabilities before cybercriminals can exploit them. This allows retailers to discover security issues before the adversary does, protect their users, and avoid a disrupting breach. As we have seen with this attack, failing to ensure security at the scale needed will grant attackers access to large quantities of customer information and data such as social security numbers, driver’s license numbers, passport numbers, and/or financial account numbers, as well as the ability to inject ransomware into the retailer’s networks.