Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Understanding the Cyber Threat to Retailers
Retail is one of the most targeted sectors for cyber-attacks in 2021. The coronavirus pandemic has forced retailers to adapt to survive, regardless of their size. While smaller retailers have moved to card payments and online operations, larger retailers have focused on harnessing big data to achieve efficiencies and maximise profit margins.
This has introduced new threat vectors as retailers’ attack surfaces have expanded, and these threat vectors are being exploited by cybercriminals keen to steal money and confidential financial information. Data is the new currency for cybercriminals, who focus not just on money and goods but also customers’ personal data that can be stolen and sold online. And with high staff turnover and seasonal workers, retailers face threats from not just cybercriminals, but also insider threats.
In such a turbulent operating environment, retailers must take the necessary steps to ensure they mitigate the risk of data breach resulting in financial, operational and reputational damage. In this blog we will explore the cyber threat to retailers: who is attacking retailers, why, and how?
Given the valuable credit card data and Personally Identifiable Information (PII) they hold, along with the potential immaturity of their cyber security postures, retailers face a number of cyber threat actors on a daily basis. Here are two of the key types of attacker targeting retailers:
Like all industries, retailers face a constant threat from cybercriminals.
Given their relatively high staff turnover and use of season workers, retailers also face a threat from employees.
In 2021, ransomware is one of the most popular cyber-attack methods that cybercriminals use to target retailers. In a typical ransomware attack a target organisation’s network is penetrated by hackers, often by sending a phishing email to individuals in the organisation that contains malware, or sometimes through exploiting a vulnerability in the organisation’s network.
The malware enters the network and the attackers conduct reconnaissance and further activity to achieve the right access they need to execute the ransomware. Once this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.
2019’s Norsk Hydro attack, in which operations at the large aluminium manufacturer ground to a halt when cybercriminals launched a successful ransomware attack on the firm, demonstrated the massive financial and operational impact ransomware can have on businesses, as the firm suffered millions of pounds in lost revenue and several months of operational turmoil. However, a relatively new trend for double-extortion ransomware attacks introduces a significant reputational threat to businesses, too.
Double-extortion first became a prominent tactic as a further method to make money from late-2019 onwards. In a double-extortion ransomware attack, the attackers threaten to leak stolen data onto the internet. The intention of double-extortion ransomware attacks is to shame target organisations into paying a ransom, even if the appropriate backups are in place to mitigate a traditional ransomware attack.
Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. In mid-2020, there began to be an increasing trend for the publication of screenshots of the stolen data by cybercriminals and security researchers. This means that often the first public indication that an organisation has been hit by ransomware will be stolen sensitive information appearing on social media.
The cyber threat to retailers is real, and it’s getting worse. Cybercriminals are actively targeting UK retailers with double-extortion ransomware attacks, and will continue to do so as long as they remain a successful (and lucrative) attack method. In order to protect your retail business, you need to understand the risks you face. By understanding these risks, you can take steps to address them.
Six Degrees is a trusted cyber security partner to prominent retailers throughout the UK and beyond. We understand the cyber threat to retailers, and we regularly advise our retail clients on the hostile digital landscape in which they operate.
You can download our new Cyber Intelligence Report that covers the latest trends in ransomware attacks against the retail and manufacturing sectors for free here. We’ve also created a handy infographic that provides the information you need to protect your retail business from ransomware attacks.
We will soon be entering the peak trading period. How…
For retail businesses, delivering brilliant customer experiences depends on having…
It’s the biggest weekend of the year for online retailers.…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
