The number of cyber attacks on retailers — and along with it, the number of consumers victimized by them — dropped last year as hackers appeared to focus on smaller, softer targets.
Online thieves also demonstrated a marked decline in activity during the two weeks beginning Nov. 24 that include both Black Friday and Cyber Monday.
According to a pair of reports prepared by analysts at IBM’s Managed Security Services unit, the number of attacks on U.S. retailers last year stood about half of their 2012 level, although the number of records compromised by hacks dropped less dramatically, to about 61 million from 73 million in 2013.
Related Articles
IBM noted when attacks involving more than 10 million records — such as those that hit Target Corp. in 2013 and The Home Depot last year — were eliminated from the data, the number of compromised retail records increased more than 43 percent over 2013.
You May Also Like
IBM noted a significant decline in attacks during the two-week period that bookmarks Black Friday and Cyber Monday, with the number of breaches down to 3,043 a day from 4,200 a day during the comparable period in 2013.
RELATED CONTENT: WWD Research Roundup >>
Looking at only Black Friday and Cyber Monday, there were more than 20 breaches that drove the number of compromised records up to nearly 4 million in 2013, figures that slid to 10 breaches and just over 72,000 records last year. The Target breach of 2013, believed to have involved about 40 million records, included Black Friday, Nov. 29. Home Depot’s breach stretched over several months and might have compromised 56 million records, but it was reported and malware removed from its systems by early September.
“The threat from organized cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager of IBM Security Services. “It is imperative that security leaders and [chief information security officers] in particular use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”
The IBM report also noted a change in tactics among the digital criminal set, with what are known as Secure Shell Brute Force attacks, in which systems are flooded with possible log-in information, last year becoming the preferred means of attack, supplanting malicious code, the primary method employed in 2012 and 2013. IBM said its security teams monitor more than 20 billion security incidents daily.