Retail convenience stores have been operating since the early 20th century as places where customers fill up with fuel and buy coffee and other items. Many of these locations now also serve as data hubs, connected to networks of systems that provide services and information to retailers. The announcement of the data breach at Gulshan Management Services, Inc., and the ongoing investigations into the attack, show how much sensitive data retailers manage and why cyber criminals target it.
Historically, retailers have treated cyber risk primarily as a matter of reducing the potential for fraud. The depth and sophistication of today’s attacks go far beyond that perspective, into identity theft and into operational login information and access to entire networks being either sold or held for ransom. Once a criminal has established a foothold at one point in a retailer's information system, they can use it to reach other areas of that system and access sensitive information across many sites, as long as the locations are connected to one another through a common centralized system.
This shift in cyber risk did not occur overnight. It was driven primarily by how fast retail technology has changed over the past several years, with the introduction of new electronic payment terminals, cloud-based accounting, mobile ordering and digital loyalty programs. As new products and services were introduced across the retail sector, the security controls that protect against cyber threats did not develop as quickly; consequently, vendors have been able to access a retailer’s systems without being required to provide comprehensive documentation of their security protocols. Over time, a retailer's original infrastructure became much more complex in its connectivity and data access patterns, creating more opportunities for cyber criminals to exploit these vulnerabilities.
The value of data drives the stakes higher. Employee records may contain Social Security numbers and other forms of identification. The payment environment also provides insights into how the transaction occurred. Customer loyalty programs link customers' information to their purchasing behaviours.
Ransomware groups know that retailers are under pressure to keep operating. If a retailer's systems go down, it will have a hard time accepting payments, distributing goods and providing other services. The urgency caused by a retailer's inability to operate normally puts the organisation under stress when making decisions, which is what attackers are trying to exploit.
Strengthening an organisation's security starts with recognising that retail chains now hold customers' personal information. These organisations should take practical steps to secure their networks, such as segmenting networks, limiting access and permissions to systems, enforcing multi-factor authentication, providing ongoing training to employees about the risks of social engineering, and verifying that third parties provide secure systems. Implementing monitoring tools to detect anomalies can reduce the extent of the damage.
Consumers can also take proactive measures by enabling alerts for transactions, reviewing credit card statements for discrepancies, and taking breaches seriously. Many risks to businesses are not identified until months after an incident.
Retail is becoming more of an online business, and cybercriminals continue to follow people wherever they find valuable data. Businesses that make the care of data a core value rather than just an extension of their IT department will be best prepared for the next wave of cybercrime.
