Retail

Context

Retail companies are undergoing a major transformation in a context of international competition from foreign e-commerce players. These players are revolutionizing logistics with D+1 delivery, guaranteed availability of goods on the shelf and in stock, and a wide range of products, while improving the understanding of customer behaviour and offering seamless, omni-channel sales methods that ease the customer experience throughout the entire purchasing cycle.

In addition to these direct value contributions, there is also the need to protect customer information that affects their privacy (GDPR) and payment data (PCI-DSS).

Retail companies have invested heavily in customer flow monitoring, logistics and payment tools. Even so, they remain dependent on their intrinsic resilience, their level of cyber protection and the associated technological debt (obsolescence).

Types of threats

A retail company receives a malicious file containing ransomware such as Petya, Bad Rabbit or WannaCry. The file is opened by employees and executed, and the ransomware propagates over the networks. Computers are encrypted, including cash register lines, workstations, and the servers used for logistics preparation and order management. The company is unable to take payment from customers (loss of revenue) or meet delivery deadlines, and the incident damages its image.

Due to a vulnerability, information about orders and customer files is accessible without authentication from the e-commerce site. This flaw is discovered by a cybersecurity researcher. The incident leads to the closure of the e-commerce site during the investigation, a probable audit by the CNIL, a letter sent to every customer in the database whose data may have been affected, a loss of reputation and customer trust, and legal consequences with the risk of a fine of up to 4% of annual turnover.

Retail companies use IaaS infrastructure to support internal or e-commerce platforms. These cloud provider services are elastic, to ensure consistency between resource requirements and available capacity.

A malicious actor compromises an IaaS instance in a cloud. The attacker creates an instance and installs a cryptominer on an IaaS VM belonging to a retail company. The cryptominer consumes all available resources and causes overbilling of several hundred thousand euros.

TEHTRIS protects the retail sector

In the case of ransomware, the eGambit platform makes it possible to detect the binary before its execution if it is a known threat, or to detect it as soon as it is executed if it is an unknown threat, and to stop it at the first symptoms.

eGambit allows you to detect site vulnerabilities and configuration errors. Our cyber-defensive arsenal can detect an intrusion during the different stages of an attack. Before a system goes into production, TEHTRIS experts can also perform intrusion tests.