News Feature | May 5, 2016

New Research Demonstrates Retailers Have Passed Financial Industry As Top Cybercrime Target

Christine Kern

By Christine Kern, contributing writer


Retail experienced nearly three times as many attacks as the financial sector in 2015.

Retail has surpassed the financial sector as the top target for cybercriminals, experienced nearly three times as many attacks as their financial counterparts, according to new research published by NTT.  The NTT 2016 Global Threat Intelligence Report saw the retail sector topping the list of all cybersecurity attacks on all sectors at just under 11 percent in this latest report, while the finance sector toppled from first place to fourteenth position.

 “The retail and financial sectors process large volumes of personal information and credit card data. Gaining access to these organizations enables cybercriminals to monetize sensitive data such as credit card details in the black market, which validates that cybercriminals are motivated by the rewards of financial crime,” according to Matthew Gyde, Dimension Data’s Group Executive – Security.

The annual Global Threat Intelligence Report collected data on security threats during 2015 from 8,000 clients of NTT Group security companies, including Dimension Data, Solutionary, NTT Com Security, NTT R&D, and NTT Innovation Institute (NTTi3), and is based on 3.5 trillion security logs and 6.2 billion attacks. Additional data is provided by 24 Security Operations Centers and seven research and development centers of the NTT Group.

Rory Duncan, Head of Security Business Unit at Dimension Data UK, said “Retail companies are becoming increasingly popular targets as most process large volumes of personal information, including credit card data, in highly distributed environments with many endpoints and point-of-service devices. Such diverse environments can be difficult to protect.”

Among the most alarming findings in the NTT Group report is the fact that many business vulnerabilities were sitting on corporate IT systems for years, just waiting to be exploited. The data showed that nearly 21 percent of vulnerabilities were more than three years old, more than 12 percent were over 5 years old, over 5 percent were more than 10 years old, and some date back as far as 16 years, the report found.

The NTT 2016 Global Threat Intelligence Report also found that:

  • Nearly two-thirds (65 percent) of attacks originated from IP addresses within the US.; however, Cybercriminals are adopting low-cost, highly available, and geographically strategic infrastructure to perpetrate malicious activities, so they could be hacking from anywhere in the world.
  • 2015 saw an 18 percent increase in malware across all industries (excluding education), as cybercriminals are increasingly leveraging malware to breach the perimeter defenses.
  • The frequency and complexity of malware is becoming more stealthy and sophisticated: while organizations are developing sandboxes to better understand cybercriminal’s tactics to protect themselves from attacks, at the same time, malware developers are aggressively developing anti-sandbox techniques.
  • Analysis of honeynet attacks in organizations reveals that attackers are making use of telcos and hosting providers to conduct their operations.

And while the data for this report was collected before the EMV transition was implemented in October 2015, it did include data from countries that had already migrated to EMV. Retailers are also acutely aware that the switch to EMV is not a perfect security solution, given the realities of today’s cybersecurity risk. Cyberthieves will find the existing liabilities and exploit them under whatever system is in place.