Retail & HoReCa Mostly Exposed to Payment Data Leaks Globally

InfoWatch Analytics Center has released the first global report on confidential information leaks from Retail & HoReCa companies. Following the analysis of over 300 incidents that occurred in 2016-2017, InfoWatch experts found out that more than 100 million data records were compromised in these sectors, with the number of payment data breaches soaring in 2017 to reach 60% (vs. 40% in 2016) — the highest share of financial data leaks among all sectors in the world.

“Today, the share of payment data leaks in these key consumer segments – Retail & HoReCa – is even higher than in the finance sector that has traditionally been considered as a primary target for sensitive information hunters,” said Sergey Khayruk, Analyst at InfoWatch Group. “The spike of payment data breaches from retail companies is due to the fact that they are actively undergoing digital transformation that involves the adoption of new payment and customer interaction methods, with skyrocketing data volumes being processed in Retail and HoReCa. Data storages are getting bigger and thus more attractive for criminals.”

External attacks accounted for 55% of global incidents in the sectors under review, while insiders were behind 45% of breaches, with 70% and some 50% of all such cases involving financial information leaks, respectively. The most sensitive information (trade secrets and know-how) was leaked by employees five times more often than by external offenders.

In 2017, the majority (65%) of recorded Retail & HoReCa breaches worldwide were malicious by nature.

At the same time, according to the InfoWatch report, almost one in every 10 data leaks in these sectors globally was recognized as a skilled breach, that is, one involving data fraud or unauthorized access for personal gain.

Almost 75% of all global breaches in Retail & HoReCa happened through the network (browser or cloud).

“External and internal offenders account for almost equal shares of attacks on Retail & HoReCa companies, with the most sensitive data being the main catch in both cases,” noted Sergey Khayruk. “While intruders mostly chase the easiest-to-sell payment details, which can be quite easily obtained using phishing emails, skimming or fake websites, insiders can access the most valuable internal information and usually have time and tools to get prepared and bypass complex corporate information security systems, thus threatening the most business-critical information, which includes not only finance and personal data, but also enterprise trade secrets and know-how.”

Russia suffered approximately 10% of all global breaches in the Retail & HoReCa sectors, with internal offenders being behind all recorded incidents here and 42% of cases being of a malicious nature. At the same time, the shares of accidental and skilled leaks in Russia were 2x and 4x higher than in the global breakdown. The report's authors believe that the big share of accidental leaks can be explained by the rather low digital literacy and cyber hygiene of both users and goods and service providers in HoReCa, while the large share of skilled leaks indicates poor and insufficient protection. The experts also note that the Russian retail sector is still undergoing digital transformation, as 50% of data breaches here involved paper documents.

“Russia has just begun its digital journey, unlike Western countries that pioneered digitalization much earlier and now have better cyber hygiene and stronger corporate information security,” said Sergey Khayruk. “However, both Russian and foreign Retail & HoReCa enterprises face the same cyber threats, and while external criminals can be stopped automatically by technical security tools, internal attacks are impossible to repel without adopting relevant technical and organizational measures and improving digital literacy. In terms of technology, the most effective solution is a hybrid information security model that focuses on both data (protection against leaks, hacking and other external attacks) and people (technologies capable of monitoring human behavior using predictive analytics and other tools).”