By Christine Kerncontributing writer
Retail experienced nearly three times as many attacks as the financial sector in 2015.
Retail has surpassed the financial sector as the top target for cybercriminals, experienced nearly three times as many attacks as their financial counterparts, according to new research published by NTT. The NTT 2016 Global Threat Intelligence Report saw the retail sector topping the list of all cybersecurity attacks on all sectors at just under 11 percent in this latest report, while the finance sector toppled from first place to fourteenth position.
“The retail and financial sectors process large volumes of personal information and credit card data. Gaining access to these organizations enables cybercriminals to monetize sensitive data such as credit card details in the black market, which validates that cybercriminals are motivated by the rewards of financial crime,” according to Matthew Gyde, Dimension Data’s Group Executive – Security.
The annual Global Threat Intelligence Report collected data on security threats during 2015 from 8,000 clients of NTT Group security companies, including Dimension Data, Solutionary, NTT Com Security, NTT R&D, and NTT Innovation Institute (NTTi3), and is based on 3.5 trillion security logs and 6.2 billion attacks. Additional data is provided by 24 Security Operations Centers and seven research and development centers of the NTT Group.
Rory Duncan, Head of Security Business Unit at Dimension Data UK, said “Retail companies are becoming increasingly popular targets as most process large volumes of personal information, including credit card data, in highly distributed environments with many endpoints and point-of-service devices. Such diverse environments can be difficult to protect.”
Among the most alarming findings in the NTT Group report is the fact that many business vulnerabilities were sitting on corporate IT systems for years, just waiting to be exploited. The data showed that nearly 21 percent of vulnerabilities were more than three years old, more than 12 percent were over 5 years old, over 5 percent were more than 10 years old, and some date back as far as 16 years, the report found.
The NTT 2016 Global Threat Intelligence Report also found that:
And while the data for this report was collected before the EMV transition was implemented in October 2015, it did include data from countries that had already migrated to EMV. Retailers are also acutely aware that the switch to EMV is not a perfect security solution, given the realities of today’s cybersecurity risk. Cyberthieves will find the existing liabilities and exploit them under whatever system is in place.