Security research suggests one out of five breaches is cloud related, and the retail industry continues to be one of the top sectors likely to be breached, with the average cost totaling more than $2 million per breach.1 With 75% of databases expected to be deployed or migrated to the cloud by 2022,2 retail organizations must prepare for elevated breaches that will come with the expanded attack surface of the cloud.
The retail and e-commerce industry sees an average of 311 days before a breach is resolved; it takes nearly 8 months to identify a breach and around 3 months to contain it. Malicious attack is the largest contributing source of a data breach in the retail industry, comprising nearly 60% of breaches; human error and system glitches make up the rest.1
While organizations conduct business in dramatically different sectors of the retail and e-commerce industry, they are all dealing with similar, very desirable, sensitive data.
99% of Retail Breaches Are Financially Motivated
The overwhelming majority — read 99% — of threat actors in the retail industry are financially motivated (other breaches are tied to reasons of espionage)3 and no part of the retail and e-commerce industry is immune from attack.
Although data shows attacks on web applications are occurring more frequently than attacks on point-of-sale devices,3 these systems, payment processors, and even brick-and-mortar stores are all vulnerable; personal and payment data are frequently compromised. Oftentimes, retail data includes billing and shipping information that can include names, emails, phone numbers, and addresses of customers.
A customer who enters their credit card number for an online purchase, swipes to buy gas, or uses plastic to pay for dinner can have their payment data run through multiple financial systems owned by separate organizations all in one day with no guarantee of security.
While a single credit card number could go for as little as $1 on the dark web, a database with more complete records may fetch hundreds or thousands of dollars, all depending on amount, completeness, and targeting. If attackers can get their hands on data that forms a complete profile of an individual, the cache of information is much more valuable.
According to research from Security Metrics, captured cardholder data was sold for an average of 532 days during which time it could be bought and resold dozens of times.
Generally speaking, cloud misconfiguration and stolen or compromised credentials are the most frequently used gateways for malicious data breaches.1
Additional threats faced by retail and e-commerce organizations are bountiful and can include (but aren’t limited to):
- Exploitation of vulnerabilities (e.g., unpatched software; SQL injection)
- Brute force attacks
- Third-party software vulnerability
- User error and social engineering
- Spam/phishing emails
- Botnets and DDoS (Distributed Denial of Service) attacks
- Persistent remote access
Protect Data Where it Lives
Having a real-time overview of the cloud environment, configurations, and live activity is critical to reducing risk and preventing an attacker from exploiting the infrastructure.
Designed specifically for public cloud databases, SecureCloudDB provides real-time Database Activity Monitoring and security posture management. Key features include:
- Vulnerability Assessment & Remediation: Audit databases, backups, and configurations against CIS benchmarks, AWS best practices, and proprietary policies; automate remediation
- Database Activity Monitoring (DAM): Discover and mitigate internal and external threats in real time
- PCI Compliance Assurance: SecureCloudDB enforces, or assists in enforcing, the requirements and sub controls within the PCI-DSS compliance standard, version 3.2.1