Retail cyberattacks drop 50% in 2014

The overall amount of retail cyberattacks has dropped 50 percent since 2012. However, hackers stole more than 61 million records from retailers, a rise of 43 percent, in the past year, according to a report from IBM security researchers.

The numbers do not even include the large data breaches that occurred at Target (NYSE:TGT), which compromised the payment records of 40 million customers, and Home Depot (NYSE:HD), which affected 56 million consumer debit and credit cards, reported ZDnet.

The majority of cyber attackers actually scaled back their efforts around Black Friday and Cyber Monday. Between Nov. 24 and Dec. 5, the number of attacks was 3,043, one-third less than the average of 4,200 in the same period in 2013.

In 2013, there were more than 20 breaches and several large breaches that caused about 4 million records to be compromised. In that same period in 2014, 10 breaches were disclosed, which resulted in more than 72,000 records being compromised.

The research shows that cyber attackers are becoming more sophisticated, using new techniques to obtain massive amounts of confidential information.

"The threat from organized cyber crime rings remains the largest security challenge for retailers," said Kris Lovejoy, general manager, IBM Security Services. "It is imperative that security leaders and CISOs in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats."

In 2014, the mode of attack preferred by hackers was Secure Shell Brute Force. And although there has been a rise in POS malware, the retail industry was vulnerable to Command Injection attacks, which were used in 6,000 total retail hacks.

Why retailers? IBM attributes the complexity of SQL deployments and the lack of data validation performed by security administrators as reasons why these databases are targets.

For more:
-See this IBM press release
-See this ZDnet article

Related stories:
Retail security still very much under attack
Add another to the list: Staples investigating data breach
Supervalu becomes latest data breach victim
Home Depot breach affects 56M debit, credit cards
The untold story of the Target data breach