Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023

What were the most common cyber attack patterns in the retail industry in 2023?

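In support of Cybersecurity Awareness Month in the United States, we are reviewing reported incidents by industry. This article focuses on the retail industry.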

With a wealth of payment data and countless entry points from e-commerce shops, third-party vendors and physical store locations, the retail industry is teeming with opportunities for threat actors to capitalize on for financial gain.

In fact, it should come as no surprise that the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 100% of the reported incidents were financially motivated, with 37% specifically targeting payment card data.

So, what were the most common cybersecurity attack methods in the retail industry in 2023?

According to the Verizon 2023 DBIR, nearly 90% of all reported incidents in the retail industry were from social engineering, system intrusion or basic web application attacks.

Social Engineering and the Retail Industry

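One of the usual suspects in cybersecurity, social engineering is a common, but highly effective, tactic. Threat actors prey on human nature to manipulate individuals into exposing sensitive information. In the context of the retail industry, this can include manipulating someone into providing access to customer databases with payment card data, company network information or customer credentials.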

System Intrusion and the Retail Industry

System intrusion may seem like a straightforward concept, but it’s still a commonly reported attack pattern that many retailers aren’t completely protected from. System intrusions involve cases in which a threat actor uses technological means to gain unauthorized access to a system or database. Mostly reported as hacking or the deployment of malware, this attack method also includes ransomware, a growing problem for retailers. A recent report shows there was a 75% increase in the rate of ransomware attacks on the retail sector in 2022.

Basic Web Application Attacks and the Retail Industry

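A very simple attack method, basic web application attacks are akin to a smash-and-grab in the cybersecurity world – get in, grab the goods and get out. In the retail industry, web applications commonly take the form of an e-commerce website or app, along with third-party sites, plugins, vendors and supply chains, all of which can hold a treasure trove of payment, personal and proprietary data.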

The good news is the risk of basic web application attacks can be mitigated with automated security tools, multifactor authentication, best-practice controls and proactive incident response planning. While protective measures aren’t error-proof, they do offer some peace of mind.

This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. Other articles include:

It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.

About Cybersecurity Awareness Month

Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. This year is the 20th anniversary of Cybersecurity Awareness Month, and this year's campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].
