The Retailer Spring Edition 2022

THE RE TA I L ER

5 8

CYBERSECURITY NEEDS TO BE TOP OF MIND FOR RETAILERS

Danielle Papadakis Product Marketing Manager Mimecast

P repare Now for the 2022 Holiday Shopping Season

The Holiday Season Attack Vectors We Will See in 2022 While there are numerous attack vectors cyber criminals will turn to over the course of the year, some are retail-focused and particularly potent during the holiday shopping season: • Credential theft – Obtaining legitimate login credentials via phishing emails. • Credential stuffing – Using stolen credentials for one site to log in to other sites in the hope they will work because victims have reused username and pass word combinations. • Brand spoofing – Creating fake websites with URLs that appear legitimate, then using phishing emails to trick customers into providing their credentials. Bad actors can also target your employees in this way - as well as illegally using your owned domains to dupe them into sharing information. • Social engineering – Researching an organization and then pretending to be a victim’s colleague to trick them into providing personally identifiable information, log in credentials, or even to wire money to an attackers account instead of a vendor account. • Supply chain compromises – Using ransomware or some other breach to pose as a trusted supply chain vendor to access the organization’s network. These attacks can have a strong negative impact, including business/financial disruption, loss of data, and brand damage to retailers while they are striving to close out the year on a positive and profitable note.

The State of Email Security in 2022 Email-based cyberthreats like the ones described above cause havoc on a global scale. These attacks played major roles in cyberse curity breaches in 2021 and are continuing to do so in 2022. According to the survey con ducted for Mimecast’s State of Email Security 2022 report, phishing was one of the biggest culprits in 2021 with 36% of data breaches due, at least in part, to employee credentials stolen through a phishing attack, 96% of which occur through email. Phishing will continue to be the weapon of choice for attackers and ransomware and other forms of malware will continue to run amok in 2022. CanTheseAttacksBeStopped? Most cyberattacks can be stopped before causing damage, but unfortunately, no single solution is fool proof. There is noway that every retailer will successfully stop every attack that comes their way. But there are steps retailers can take to fortify their defenses. As stated above, no single solution is fool proof. But utilizing integrated solutions gives retailers a real chance of stopping most of the cyber security threats theywill face over the holiday shopping season. Retailers looking for brand protection and a means to stop cyberattacks must look to: • Security awareness training – Educating workers to spot the tell-tale signs of cybercriminals trying to steal their credentials. • Automated email security solutions – Deploying technology that automatically scans email content to identify and block malicious threats to worker inboxes. Retailers Need a Strong and Diverse Toolkit

‘‘

Cybercriminals love the holidays. People are distracted, organizations are hyper-focused on sales, and cybersecurity teams are over-extended and fatigued.”

Every year, sources report the next holiday shopping season will be the most challenging for retailers, yet every year, most retailers end up having better-than-expected sales. Will this year be any different?Will the doom and gloom predictions once again lead to better-than-ex pected sales for the 2022 holiday shopping season? While most retailers are hoping so, the annual arrival of the holiday shopping season, including peaks such as Black Friday and Cyber Monday also bring an increase in retail-focused cyberat tacks. Retailers should start preparing now. Cybercrime Will Continue to Torment Retailers in 2022 Cybercriminals love the holidays. People are distracted, organizations are hyper-focused on sales, and cybersecurity teams are over-extended and fatigued. There really is no better time for threat actors to launch an attack. This is why as retailers prepare for the holiday shopping season, they should also be readying themselves to combat the top cybersecurity threats that cybercriminals will be deploying in the hopes of closing out their year with record profits.

‘‘

Phishing will continue to be the weapon of choice for attackers and ransomware and other forms of malware will continue to run amok in 2022.”