Mobile

11/28/2017
02:55 PM
50%
50%

Retail and Hospitality Breaches Declined Over Past 2 Years

A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.

Publicly disclosed breaches in the retail and hospitality industries have fallen to less than five occurrences per month, down from double-digit figures over the last two years, a new report released today reveals.

This drop is attributed in part to merchants, hotels, and restaurant chains retooling their point-of-sale (POS) systems to accept EMV or chip payment cards, says Stephen Boyer, CTO and co-founder of BitSight Technologies, which authored the report.

"EMV adoption has really accelerated since the Target breach and that could partly be the reason why the total number of breaches is trending down," Boyer says. "You hear a lot about breaches all the time, so I was not expecting the total trend to be going down."

During the January 2015 to January 2017 period analyzed in BitSight's report, the total combined number of publicly disclosed breaches in the retail and hospitality industries reached 320. But over the span of two years, it fell from 186 breaches in 2015, to 131 in 2016, with just three reported breaches in January.

POS systems were the largest vector of attacks for the hospitality industry, accounting for nearly 40% of the 181 breaches hotels and restaurants faced over the two-year period, according to BitSight's data. The frequency of POS attacks fell sharply from eight a month in 2015, to as few as two toward the end of 2016.

Web apps, meanwhile, were the largest targets of attack in the retail industry, accounting for nearly 30% of the 139 breaches encountered during that period. During the first half of 2016, the retail industry had a slight spike in publicly disclosed Web app attacks, but no POS attacks, according to BitSight data. And in the first quarter of 2016, the hospitality industry got hit with six publicly disclosed Web attacks at a time when its POS attacks dipped.

"I have no doubt that EMV cards are forcing some cybercriminals to Web apps. I think that is the only explanation that makes a lot of sense," says Avivah Litan, a Gartner analyst.

Chip cards are less lucrative and more work for cybercriminals to deal with, Litan says. EMV cards do not carry users' data on a magnetic strip that can be skimmed and sold on the Dark Web, and specialized equipment is needed to pull information off the chip payment card, she notes.

Given those challenges, hitting a Web app and intercepting an e-commerce transaction may be easier for cyberthieves, according to BitSight's Boyer.

He adds that although companies are getting better at protecting their customers' data and transactions, cybercriminals remain highly motivated, and data breaches against the retail and hospitality industries aren't likely to subside.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CVE-2018-18319
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...
CVE-2018-18320
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...