CyberScout

Supply Chain Vulnerabilities Leave 1 in 3 Retailers Exposed to Data Breaches

As retailers gear up for the holiday shopping season, cybercriminals lurk as an unknown threat to point-of-sale systems and computer networks. Given the value of financial information on black markets, criminals are likely to exploit security flaws in retailers' POS systems using phishing, malware and other hacking tools.

A recent study by IT security firm BitSight Technologies found 1 in 3 retailers may be vulnerable to cyberattacks because of security flaws at their third-party vendors. 

The study highlights the importance of ensuring strong cybersecurity for all parts of the supply chain, not just the company's headquarters or stores. 

Vulnerabilities at Third-Party Vendors
In the past, retailers struggled with keeping their payment systems secure because of supply chain risks. The Target data breach that exposed the information of 110 million people began after cybercriminals stole the credentials of the company's third-party vendor. After acquiring the necessary login information, they were then able to upload malware onto Target stores' POS systems, allowing them to access millions of payment card numbers. 

A similar scenario played out in the Home Depot data breach, which compromised 56 million customer payment card records and 53 million customer email addresses, KrebsOnSecurity reported. Cybercriminals in the Home Depot breach stole the third-party vendor's username and password to gain access to its network and then discovered a flaw in Microsoft Windows that gave them access to customer information.

Are Security Improvements Enough?
While one-third of retailers in the BitSight Technologies survey were exposed to attacks from their third-party vendors, companies noted some improvements that could prevent cybercriminals from causing data breaches. 

The survey found almost 3 in 4 retailers that reported a data breach ramped up their security after the incident. 

"While it's encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management," said Stephen Boyer, co-founder and chief technology officer of BitSight. "This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one's supply chain."

Although their security has been enhanced, companies still face growing threats that could endanger customer and corporate information. The survey found malware server infections increased 200 percent while botnet infections also rose 29 percent. 

In addition, companies face the growing challenge of responding to threats quickly. The report found there was a 5 percent rise in the time it took for IT security teams to address attacks.