The latest ransomware attack has struck Guess, which is a U.S.-based fashion brand and retailer. The attack on Guess is said to have compromised the personal and banking data of 1,300 victims.
The type of information affected includes personal data relating to customers, potentially including their name, address and payment details.
Looking into the matter for Digital Journal is Casey Ellis, CTO and founder, Bugcrowd.
According to Ellis, these types of attacks have accelerated partly as a product of more companies going online or expanding their Internet presence. Here he explains: “The pandemic has accelerated digital transformation for retailers and further shifted consumer buying habits online, which has expanded their attack surface and heightened the number of vulnerabilities and risks of a breach.”
Hence: “This breach should serve as a reminder for all retailers to evaluate their security processes.”
There is also the novelty value to contend with, explains Ellis: “Many retailers are relying on new systems that were built on the fly as organizations adapted to the customer requirements of the pandemic.”
This leads to teething issues: “As a result, these systems often haven’t been properly tested in high-volume transaction environments before. Speed is the natural enemy of security, and retailers must beware of increased risks of denial of service (DDoS) attacks, ransomware, fraudulent purchases, phishing campaigns impersonating retailers.”
As part of preventative actions, Ellis recommends: “Retailers can adopt a “neighborhood watch” approach to security, engaging outside ethical hackers and even the general public to proactively disclose vulnerabilities before cybercriminals can exploit them.”
The reason with approach is important, explains Ellis is because it: “Allows retailers to discover security issues before the adversary does, protect their users, and avoid a disrupting breach.”
This is clear with the attack launched upon Guess, Ellis adds: “As we have seen with this attack, failing to ensure security at the scale needed will grant attackers access to large quantities of customer information and data such as social security numbers, driver’s license numbers, passport numbers, and/or financial account numbers, as well as the ability to inject ransomware into the retailer’s networks.”
