With Retail Digital Transformation and Highly Personalized Consumer Experiences, New Threats are Surfacing

March, 2023
Author: Jeff Li

At the turn of this century, the retail industry was one of the prime targets for cyber attackers in physical stores and online, even though e-commerce was still new. Criminal rings systematically attacked POS systems, for example, and stole credit card information.

The volume and velocity of those early attacks drove regulators to pass legislation, including PCI-DSS, which is now commonplace. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by banks and credit card issuers. The standard was created to control cardholder data better and reduce credit card fraud.

While credit card fraud continues today, often through direct attacks on consumers who hold those cards, the bigger cyber security issue for the retail industry today is the depth of information they collect, store, and monetize, making retailers once again the “dream date” of the “dark side.”


Sign up now for a free assessment of your retail cyber security posture.


The attacks today are highly sophisticated and used to exfiltrate massive amounts of data or are ransomware-based, with many of these attacks never reported, and many victims of these attacks willing to pay out millions to get their networks, applications, and systems back.

Attacks in-store can range from stealing merchandise to changing prices, and the threats in both online and in-store cases are often organized by employees who pose digital and physical challenges for retail brands.

Overcoming Security Threats: The Retail Security Stack

For all its many benefits, digital transformation is changing the way retailers address cyber risk. Retailers are investing in ensuring every transaction online, and every visit to every retail store is personalized and super convenient, and understand in doing so, they have more personal and sensitive information, and that their brand reputations could be harmed if they don’t put cybersecurity in place. By embracing retail DX to create modern customer experiences online and in stores, retailers are competitive and remain attractive to consumers. DX also improves how retailers operate across the entire supply chain and in creating hybrid shopping experiences (buy online, pick up in-store, for example).

Remember the Target attack? This retail giant paid an $18.5 million multistate settlement, the largest ever for a data breach leaving more than 41 million customer payment cards exposed in 2013.

Target is not alone, and the breaches keep coming, from a month-long attack on Guess, which suffered a ransomware attack that included the theft of customer data, and an attack on Forever 21 that occurred over a stunning seven-month period. After obtaining network access, the threat actors deployed malware to gather credit card data from the fashion retailer’s point-of-sale (POS) system. Forever 21 admitted to not previously encrypting some of its POS devices.

Under Armour need a different kind of digital armor to protect their customers’ user names, email addresses, and passwords for approximately were compromised when an unauthorized third party accessed the data in February 2018.

A malware attack against Hudson Bay Corporation retailers’ POS resulted in the theft of more than five million credit cards, including those issued by Saks Fifth Avenue; the attackers subsequently attempted to sell the stolen data via the dark web.

A misconfigured database with 204 gigabytes and 1.1 billion records, including customer email addresses, user IDs, and customer online search information gathered from CVS Health and CVS.com, was found publicly available and unsecured in 2021 by cybersecurity researchers, and using compromised employee credentials, attackers accessed approximately 145 million eBay accounts in 2014.

Complexity is growing in our increasingly connected world; it’s time to unify and harden enterprise infrastructure.

A 2022 survey revealed that “68% of retail respondents identified their Infrastructure-as-a-Service (IaaS) environments as multi-cloud, and the same percentage (68%) said they have over 25 Software-as-a-Service (SaaS) applications in use, leading to potential issues with the complexities of securing multiple cloud environments.”

Only 46% of respondents said they have complete knowledge or are very confident they know where their data is stored. 59% of retailers reported having five or more key management solutions, leading to increased vulnerabilities and cybersecurity challenges.

ConnX is proud to work with AT&T, bringing their comprehensive security-as-a-service offerings to our enterprise customers.

AT&T Cybersecurity provides advanced endpoint and network security services that scale as retailers expand their IT footprint with IoT technologies and provides cloud security solutions at every stage of the retailer’s cloud journey, from cloud security strategy and assessment services to threat detection and response for public cloud and SaaS environments.

Working in concert with AT&T, ConnX helps retailers to simplify and accelerate regulatory compliance efforts with services like PCI DSS assessmentsASV-approved vulnerability scanning, and threat detection and response, helping to address 40+ PCI DSS requirements; we integrate all these solutions and more into the ideal platform for the large and distributed retailer, with thousands of branches, generating massive amounts of sensitive data.

DDoS defense and application layer security services are also mission-critical. Along with our highest quality, AI SD-WAN managed service offering; we help retailers provide high availability and business continuity during a potential attack.

Contact us for a free assessment of your retail cyber security posture, and learn how we saved one mass retailer millions of dollars each year in the process.

You can reach me at jeff.li@connxai.com.

Revamping Customer Experience: Cloud Voice Innovation Transforms How Brands Interact in Real-Time

Revamping Customer Experience: Cloud Voice Innovation Transforms How Brands Interact in Real-Time

The tumultuous world of retail is undergoing constant metamorphosis as the birth of new and disruptive technologies expedites the minimum expectations held by consumers. To remain apace with competitors, companies must find the most effective use of their finances to bolster customer experience, develop brand loyalty, encourage repeat sales, and enable growth.

Simplifying Cloud Communication: ConnX Partners with Amazon Chime SDK to Launch ‘AI Voice-in-a-Box’ Solution

Simplifying Cloud Communication: ConnX Partners with Amazon Chime SDK to Launch ‘AI Voice-in-a-Box’ Solution

Communication has always been an essential part of any business, regardless of industry, helping boost employee morale, engagement, productivity, and satisfaction, while also being a key aspect of collaboration and cooperation between co-workers. However, amidst the digital revolution and the widespread acceptance of the work-from-home (WFH)/ remote work movement, communication has become business-critical, sometimes being the difference between success and failure.

The Power of AI in Driving SD-WAN Growth

The Power of AI in Driving SD-WAN Growth

The MSP industry has come a very long way in a relatively short time. What was essentially an IT reseller role to provide and install and manage a specific application has evolved into MSPs becoming an integral part of a company’s IT provisioning and support network. This has allowed the industry to quickly become one of the most critical business sectors thanks to their adept understanding of the innovative technology available.

Connecting Higher Ed: AI SD-WAN Leads with More Predictable and Secure Networking

Connecting Higher Ed: AI SD-WAN Leads with More Predictable and Secure Networking

Pivotal to the foundation of our society, communications technology has seen rapid innovation as the flux continues to introduce new, complex, and agile alternatives which displace their predecessors. These solutions have been continuously adopted by companies throughout a myriad of industries as different businesses either attempt to solidify their position or oust their competitors.

ConnX Wins 2023 INTERNET TELEPHONY NaaS Product of the Year Award

ConnX Wins 2023 INTERNET TELEPHONY NaaS Product of the Year Award

We are delighted to announce that this technology has received honors during The 1st Annual INTERNET TELEPHONY NaaS Product of the Year Award presented by TMC, which took place earlier this month and noted us as one of the winners. CEO of TMC, Rich Tehrani, stated that the award came to us due to the effectiveness of our product in helping our clients reduce costs, increase agility, and improve scalability for their businesses.