Retail

Context

Retail companies are undergoing major competition from foreign e-commerce players as the digital market keeps growing. They revolutionize logistics concepts by offering next-day delivery, in-stock guarantee and a wide range of products, while better understanding customers’ behavior and experience throughout the entire purchasing cycle.

In addition to these direct value contributions, there is also the need to protect customer information that impacts their privacy (GDPR) and payment data (PCI-DSS).

Retail companies have invested heavily in customer flow monitoring, logistics and payment tools. Despite everything, they are still dependent on their intrinsic resilience, their level of cyber protection and the associated technological debt (obsolescence).

Types of threats

Case n°1

Malicious file received by email

A retail company receives a malicious file containing a ransomware program such as Petya, Bad Rabbit, WannaCry. The file is opened by employees, executed and spread over networks. Computers are encrypted, including cash register lines, workstations, logistics preparations and order management servers. The company is unable to collect customers (loss of revenue), meet delivery deadlines and the incident has an impact on its image.

Case n°2

Accessible customer data

Information about orders and customer files are accessible without authentication from an e-commerce site due to a vulnerability. This flaw is discovered by a cybersecurity researcher. The incident causes a closure of the e-commerce site during the investigations, a probable audit of the National Commission on Informatics and Liberty (CNIL), the sending of a letter to each customer whose data has potentially been impacted, a loss of reputation and trust from customers and a legal impact with a risk of a fine potentially amounting to up to 4% of annual turnover.

Case n°3

Cryptojacking – Overbilling of resources

Retail trade companies use IaaS infrastructure to support internal or e-commerce platforms. These cloud provider services are elastic to ensure consistency between resource requirements and available capacities.

A malicious person infects and compromises an instance IaaS Infrastructure in the cloud. It creates an instance and installs a cryptojacking on an IaaS VM of a retail company. The cryptojacking consumes all available resources and induces the overbilling of several hundred thousand euros.

TEHTRIS protects the retail sector

In the case of ransomware, the TEHTRIS XDR Platform makes it possible to detect the binary before its execution if it is a known threat or to detect it as soon as it is executed if it is an unknown threat; and to stop it at its first symptoms.

The TEHTRIS XDR Platform allows you to detect site vulnerabilities and configuration errors. Our platform can detect an intrusion during the different stages of an attack. TEHTRIS experts can also perform intrusion tests before moving into production.