Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023

What were the most common cyber attack patterns in the retail industry in 2023?

In support of Cybersecurity Awareness Month, we are examining reported incidents by industry. The focus of this article will be the retail industry.

With a wealth of payment data and countless entry points from e-commerce shops, third-party vendors and physical store locations, the retail industry is teeming with opportunities for threat actors to capitalize on for financial gain.

In fact, to nobody’s surprise, the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 100% of the reported incidents were financially motivated, and 37% specifically targeted payment card data.

So, what were the most common cybersecurity attack methods in the retail industry in 2023?

According to the 2023 Verizon DBIR, nearly 90% of all reported incidents in the retail industry were from social engineering, system intrusion or basic web application attacks.

Social Engineering and the Retail Industry

One of the usual suspects in the cybersecurity world, social engineering is a common, yet extremely effective, tactic. Threat actors prey on human nature to manipulate individuals into exposing sensitive information. In the context of the retail industry, this can include manipulating someone into providing access to customer databases with payment card data, company network information or customer credentials.

System Intrusion and the Retail Industry

System intrusion may seem like a straightforward concept, but it’s still a commonly reported attack pattern that many retailers aren’t completely protected from. System intrusions involve cases in which a threat actor uses technological means to gain unauthorized access to a system or database. Mostly reported as hacking or deploying malware, this attack method also includes ransomware, which is a growing issue for retailers. A recent report suggests that there was a 75% increase in the rate of ransomware attacks on the retail sector in 2022.

Basic Web Application Attacks and the Retail Industry

A very simple attack method, basic web application attacks are akin to a smash-and-grab in the cybersecurity world – get in, get the goods and get out. In the retail world, web applications commonly take the form of an e-commerce website or app, as well as third-party sites, plugins, vendors and supply chains, all of which can hold a treasure of payment, personal and proprietary data.

The good news is the risk of basic web application attacks can be mitigated with automated security tools, multi-factor authentication, best-practice controls and proactive incident response planning. While protective measures aren’t error-proof, they do offer some peace of mind.

This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. Additional articles include:

It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.

About Cybersecurity Awareness Month

Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. The year marks the 20th year anniversary of Cybersecurity Awareness Month and this year's campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.

Related Resources

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
$1 Billion a Day: Unpacking the Financial Aftershock of the Change Healthcare Cyber-Attack
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Six-Figure Ransomware Attack Hits Washington County, PA
Romance Scams: Guarding Your Heart and Wallet
A First of Its Kind: The $25 Million Deepfake Scam
Fortifying Retail Security: Essential Cybersecurity Tools and Software
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.