The use of artificial intelligence (AI) by perpetrators of cyberattacks is increasing the threat to retailers and their customers, according to a cybersecurity industry leader.
Speaking on an episode of GlobalData’s Instant Insights podcast, Charlotte Wilson, head of enterprise sales at cybersecurity company Check Point Software, said that while the form that cyberattacks take has not changed a great deal, AI is being used to make them more effective.
Go deeper with GlobalData
“I think they’re getting far more advanced and highly personalised because of AI,” said Wilson. “If you take this retail attack, any of the retailers right now, the primary attack is to get the money from the retailer to free up access back to their information, and that’s the ransomware itself for the company, the retailer, to pay or not pay or negotiate.
“The secondary attack is all that information that has been gathered can then be sold to other people that then might do a secondary activity with it. And that’s where some of the sophistication comes in. That’s where social engineering comes in.”
Social engineering from retail cyberattacks
Social engineering is the practice of deceiving and manipulating individuals into performing specific actions. It is a well-known tactic of email scammers who purport to be people or companies that they are not to trick victims into giving them personal information.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataOf the role of retail cyberattacks in facilitating this, Wilson explained: “There’s the first attack, which is to the retailer. The secondary attack is to you and me, the mums and dads, brothers and sisters, the consumer – and AI is making them something you’re more likely to click on because they’re much more personalised.
“It could be so much as, ‘I see that you bought this in the last time that you visited our store. We hope that was great for you. Here’s some personalised offers for you based on what you like to shop for,’ and if I’ve got access to you as a loyalty scheme customer, I probably know quite a bit about you.”
UK retail cyberattacks
Wilson was speaking on the episode following the recent spate of cyberattack targeting UK retailers including Marks and Spencer, Co-op and Harrods. They are thought to have been perpetrated by a group known as Scattered Spider using a ransomware-as-a-service platform called DragonForce, of which Wilson says: “There will be operators that design the ransomware attacks and the malware, and then there are affiliates that will go and use those and exploit it and hold people to ransom. They sometimes have a profit-share model, so it’s a profitable way of doing cybercrime.”
Despite widespread coverage of the recent attacks, Check Point, which carries out its own cybersecurity research, finds retail to be only the fifth most hacked industry at present.
“It’s way, way behind education, government and healthcare,” said Wilson. “So, it’s actually not the biggest attacked. We think they’re dealing with about 300 attacks per week. It starts to get into the 1000s when you start to get into the other industries.
“However, obviously once you’re in you can hold to ransom at a higher rate because it’s so much more public, and you can see just the press at the moment is reporting the retail hacks pretty much every other day.”
Retail cybersecurity
Wilson went on to explain that retailers are at a particular disadvantage as they typically have a much larger potential attack surface than businesses in other industries.
“Retailers have an incredibly hard job because they’re dealing with so many different suppliers of varying degrees,” said Wilson. “The networks are dynamic. They have lots of things attached to them, so I think they have a really complex job, and, from a hacker’s perspective, the path of least resistance is the one they’ll choose.
“If you’ve got lots of things that you have to maintain, you have to make sure are patched, secured and controlled across many different interfaces, it’s much easier for you to have something that isn’t as up to date as it should be, or isn’t as protected as it could be, they’re much more susceptible to mistakes.”
Wilson gave two main recommendations for retailers to help keep their cybersecurity tight.
“One clear thing they can do is monitor the third-party access to their networks,” she said. “One challenge that retailers have that is unique is that some of the suppliers to them might be quite small, and so may not hold the same level of security in their organisation as maybe the retailer is.”
In addition, she noted that collaboration between security and IT teams when patching vulnerabilities is required is not always adequate. Wilson is of the opinion that the handling of common vulnerability exploits (CVEs) – vulnerabilities that are identified and need to be patched – often fails as a result of miscommunication or misunderstanding between the two teams within a business.
“I just think the CVE part never really gets taken all that seriously,” she explained. “That bit, for me, is a big thing. If it’s being handled by your IT team as opposed to your security team, I think it’s important that the security team stress the need for those certain CVEs that are critical to get patched and sorted, or to put those people outside of a blast zone.”
