20 leading CISOs from the retail industry offer their perspective on evolving cyberattacks

According to the VMware Carbon Black Threat Analysis Unit (TAU), retail organizations may see a noticeable spike in attempted cyberattacks during the holiday season.

TAU’s analysis across VMware Carbon Black’s global endpoint footprint reveals that global retail organizations encountered a 20% increase in attempted cyberattacks during the 2018 holiday shopping season, continuing a trend we’ve been tracking since 2016.

In conjunction with TAU’s dissection of attack data, VMware Carbon Black conducted a survey measuring feedback from 20 leading CISOs from global retailers to determine how cyberattacks are evolving, how these CISOs view the threat landscape and what’s being done to stem the tide.

Of note from the survey, 73% of retail organizations said they’ve seen an increase in cyberattack sophistication over the past year, with 33% of these organizations saying they’ve experienced an island-hopping attack over the same time period.

And these attacks are potentially harming more than just brand reputation. 40% of surveyed retail organizations said they’ve lost revenue in 2019 as a result of a cyberattack.

As VMware Carbon Black has noted in previous vertical-specific reports, the dark web continues to compound the attack landscape. Underground providers are offering listings that could affect consumers and retailers including: credit-card skimming guides, counterfeit credit cards, financial-specific malware, and access to specific bank accounts via stolen credentials.

According to our survey, retail CISOs are combating these trends with increased headcount, budgets and, in some cases, the implementation of threat hunting teams. The following report presents the highlights of our latest research and includes specific recommendations for how retailers can enjoy a happy holiday season.