With the holiday season underway, retail companies are busy trying to attract customers with sales and promotions. At the same time, another group will be busy but with more nefarious intentions, and those are cybercriminals targeting the sector. In fact, the retail industry is the most vulnerable one for cyberattacks with more incidents recorded this year than against any other sector. A report released Thursday by IntSights describes some of the threats facing retail companies and how they can better protect themselves. One of the top threats that retail companies face are cybercriminals in the form of organized retail crime (ORC), IntSights said, costing retailers around $30 billion each year.
When people think about hackers and their targets, most assume cybercriminals are after bank account numbers or financial institutions. But a new study from cybersecurity firm IntSights shows hackers are now honing in on healthcare institutions for lucrative information to steal. IntSight's new research report "Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry" looks at what methods cybercriminals are using and what healthcare organizations can do to protect themselves. "If you would have told me 15 years ago, 'Hey let's go target the database manager for this insurance company,' I wouldn't even know where to begin," said IntSight chief security officer Etay Maor. "But today, I go online, and there's websites and free software which will map it out and give you an organizational chart from CEO to secretary, all based on Linkedin information and other things. Working out spearfishing attacks then becomes easy at that point," Maor continued.
Since 2010, billions of sensitive files, personal information and account details have been leaked thanks to devastating hacks and damaging breaches. As more sensitive personal data has made its way online, the size and impact of breaches has steadily increased throughout the decade. Attacks have hit almost every sector and show no signs of slowing down as more people are forced to entrust the safety of personal information to various websites. "For me, the largest hacks of the decade are not just the ones that were the biggest, but the ones that were game-changers in how we approach security. If we had this talk 10 years ago, we would be blown away by the numbers, but now, the numbers don't really affect us that much," said Etay Maor, chief security officer at the cybersecurity firm IntSights.
If you're the CEO of a company, here's another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes. Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers. These dealers are appearing on underground forums located on the dark web, which are accessible through Tor, a browser designed for anonymous web surfing, according to the researchers, who published their findings on Tuesday. Hackers in these underground forums have been looking for employees to collude in insider trading to make educated stock market bets. "According to the group's manager, there are members who make more than $5,000 USD a month using the leaked information," the research report said.
Black Friday has rapidly become the most lucrative day of the year for retailers around the world thanks to America's growing obsession with after Thanksgiving shopping. The numbers from the days around Black Friday last year are eye-popping. Retailers brought in $6.22 billion in online sales on Black Friday and another $7.8 billion on Cyber Monday. Americans have now become so eager that the cash is starting to roll in on Thanksgiving Thursday as well, with over $3.7 billion in sales made last year, a 28% rise compared to 2017 according to CNBC. For some companies, the single day can now represent up to 30% of their yearly sales.