A new analysis of the retail market’s threat landscape discusses the challenges faced by this industry and what threat tactics are being used to take advantage of retail’s cyber weaknesses.
Not every report needs to have stats on the state of how bad things are. In fact, it’s quite refreshing for a report to simply state what kinds of attacks are transpiring and what the reader can do to mitigate such threats. And that’s exactly what you have in Trustwave’s Retail Threat Landscape report.
Some of the more interesting pieces of information in the report relevant to us include:
- 70% of phishing emails contain malicious HTML attachments
- Trustwave identifies 4,000 to 10,000 malicious phishing URLs daily
- Credential Access is involved in 30% of all attacks in the retail space
- Remote Desktop Protocol (RDP) Accounts are the most prevalent types of initial access being sold targeting retail organizations. They comprise 34% of the type of access being sold in underground marketplaces
Now, zooming back out to the larger value of this report, Trustwave does a great job highlighting the various attack methods and threat actors by walking the reader through each of the common phases of the attacks seen by Trustwave analysts. And for each, they do provide mitigations to help retail organizations reduce their risk.
One such recommendation to mitigate the threat of phishing is close to my heart: “Consistently conduct mock phishing tests to assess the effectiveness of anti-phishing training and retrain repeat offenders.”
This means organizations should be a) having employees take security awareness training, b) should include simulated phishing testing as a feedback loop on the training’s effectiveness, and c) have those users that continually fail the testing retake the training to engrain the need to remain vigilant into their daily interaction with email and the web.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.