The retail sector in the UK is thriving. Three million people work in the retail industry in the UK, which adds up to around one-in-ten of the working population.
There are almost 300,000 retail outlets in the UK, generating a massive £3.5 billion of retail sales, which amounts to 5% of total UK GDP.
Such a large economic powerhouse provides a very tempting target to cyber criminals looking for enterprises that they can hack into to steal money or, more likely, information on corporate or customer identities and bank payment details.
In 2014/15, the BRC Retail Crime Survey reported a 55% increase in reported cyber crime against the British retail industry. Given the under-reporting that is a general problem with cyber crime against business, this is almost certainly an underestimate. The BRC concluded that a majority of retailers had experienced an increase in cyber attacks and reported that most retailers regarded these attacks as a critical threat to their business. Hacking and theft of data were seen as the most critical threats.
Along with many other industries, the retail sector has been taking increasing steps to harden its corporate security perimeter against the cyber threat, with the routine use of anti-virus software and firewalls. The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack, focussing on the weakest link in the corporate security chain: human beings rather than technology. So-called “social engineering” relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is the art of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical hacking techniques.
The retail sector is especially vulnerable to this trend, with its army of potentially vulnerable employees and its large customer databases, both of which provide a very tempting target for the hackers. Such a large and diverse employment base, with its variety in working hours and practices, can sometimes provide an easy target for the growing number of cyber hackers looking to get around corporate security perimeters through the use of social engineering.
retailTRUST is a trade charity that aims to improve the wellbeing of employees in the retail sector, providing advice and support to both them and their employers. They have recently begun to tackle these new threats to their employees and those they work to support in the sector, by implementing a leading-edge behavioural threat monitoring solution to trace and track suspicious activity on their own IT networks.
Having reviewed current security measures, retailTRUST has seen the benefit from both the organisation and employee perspective in implementing a behavioural threat monitoring solution delivered by Transputec called ThreatSpike.
- Leading-edge monitoring solutions can provide proactive intelligence to prevent unauthorised activity from taking place. This protects both the employee and the company from becoming a victim of the cyber attacker.
- A successful cyber attack will have negative consequences on the employee as well as the company, even if no fault is attributed. The business will suffer financially and could even go out of business, with the employee losing their job as a result.
- If the employee has been merely negligent, then this might well have disciplinary consequences in accordance with their terms of employment. High-level protection will help to prevent this negligence from happening, or spot it quickly and minimise the consequences.
- The latest monitoring solutions will trawl a network and provide hard evidence of both current and backdated suspicious or unauthorised activity. This comprehensive data trawl will catch the guilty, but will also provide grounds to clear someone who has been falsely accused without proper evidence.
Head of Cyber Security, Transputec
The full version of this article first appeared in City Security Magazine – Issue 61 – Autumn 2016