Armorblox is now part of Cisco


Retail Therapy Interrupted: Email Security Risks for Retailers


Anand Raghavan

Retailers make an attractive target for bad actors for several reasons, including their high volume of PCI and customer data. Read more to familiarize yourself with the key vulnerabilities within retail organizations and how retailers should evolve their email security to stay protected.


Retailers make an attractive target for bad actors for several reasons. First, depending on the organization, they have the two things that bad actors seek most – money and sensitive PCI data. Second, there are some key security vulnerabilities that exist within retailers that may not be present at other large institutions. This makes retail organizations a prime target for attacks such as Business Email Compromise (BEC), ransomware, credential phishing, email account takeover, impersonation, and other types of social engineering attacks.

According to Verizon’s 2022 DBIR, the retail industry experienced 629 confirmed incidents and 241 breaches with confirmed data loss in 2021. In addition, Ransomware attacks within the retail industry rose by 75% year over year in 2021, and social engineering attacks saw a 29% increase.

Key Security Vulnerabilities within Retail Organizations

There are several reasons retailers may be more desirable targets for cybersecurity attacks. These range from their large vendor ecosystem to their largely non-technical employee base. Let’s look at some of the key vulnerabilities and email security risks that exist for retailers, as well as the steps that retail security teams can take to improve their organization's security posture and protection against today’s modern threats.

Retailers Are Targets for Vendor Fraud Attacks

The majority of retailers work with a large ecosystem of third-party vendors, including manufacturers, suppliers, and other service companies that help keep their business operating smoothly. Working with a large number of third-party vendors also makes them more vulnerable to Vendor Fraud and Supply Chain Attacks.

When a vendor is compromised, it can result in the loss of money through fake invoices and wire transfer requests, as well as the loss of sensitive customer and employee information such as PCI and PII. Retailers also tend to onboard and offboard new and old vendors frequently as their inventory and business needs change daily. This can make tracking their active vendor list, and its corresponding security hygiene, especially challenging and demanding. Due to this, having email security in place that can detect vendor compromise is key to avoiding vendor fraud and supply chain attacks.

More Opportunity for Email Account Takeover

Retailers have become increasingly reliant on e-commerce and internet-connected devices in stores. More technology also means more applications, accounts, and logins. This increases the number of potential entry points for attackers to gain access. With each new app, account, and vendor, there is another opportunity for impersonation attacks targeting retail employees. Bad actors pose as brands and create impersonation attacks in order to extract employee credentials and gain access to email and other accounts. If bad actors compromise an account, it could mean access to sensitive customer data. This compromised account can also then be used to compromise additional employee accounts, customer accounts, or databases.

Well-known retailers also have high-ranking and high-authority domains, making them enticing targets for bad actors. If an attacker is able to successfully compromise an employee’s email account, the good standing of the domain will allow them to deliver email-based attacks into secure organizations while successfully avoiding spam filters and blocklists. Compromised retailer website domains are also of high value for hijacking traffic and hosting bad URLs.

Retailers Have a High-Flux and Non-Technical Employee Base

Retailers’ employee base and their online user base are typically high flux. According to the Bureau of Labor Statistics, the turnover rate of retail workers sits around 60%. Retailers are also more likely to hire seasonal workers. With a high-flux worker base, there is a constant stream of new mailboxes to set up and close every week or month. Employees who do not see themselves in an organization long-term may not take the necessary steps to set up MFA or attend security training. In addition, the user base is largely non-technical. Depending on their role, a majority of employees tend to have less formal training in technology and cybersecurity best practices.

Tighter Security Budgets

Retail security teams have their work cut out for them. Not only do they have to protect their employees from targeted threats, but they also have a ton of customer data to protect. According to S&P Global, the retail industry experienced a 29% decline in stock value in 2022. Due to this current macroeconomic downturn, retailers are most likely tightening their budgets in all areas, including security. With fewer funds allocated for necessary security tools and training, employees are likelier to fall for credential phishing attempts and other socially engineered attacks.

Retail security teams should look to adopt tools that help automate time-consuming, manual processes involved with remediating user-reported phishing threats, as well as provide in-email contextual warning banners that can help educate employees about real-life phishing attempts.

How Retailers Will Need to Evolve their Security

As the threat landscape becomes increasingly targeted, retailers will need to adopt tools that can protect them against socially engineered attacks such as phishing, email account takeover, and vendor email compromise. Because retail organizations work with so many vendors and receive a high volume of invoices via email, they’re especially vulnerable to the growing threat of vendor and supply chain attacks.

Due to their employee base’s lack of technical training and high turnover rate, retail security teams should adopt email security that can analyze language in order to distinguish legitimate requests from attacks. With tools that can automate key processes and utilize NLU, AI, and ML, security teams will be better positioned to secure their organization from costly email attacks.

Protect Your Retail Organization From Email Attacks 

More than 58,000 organizations across industries and sizes trust Armorblox to secure their human layer against targeted email attacks and data loss. Armorblox helps retail organizations communicate more securely over email using the power of Natural Language Understanding (NLU). Armorblox connects over APIs to understand the content and context of communications. Retailers use Armorblox to stop BEC and targeted email attacks, protect sensitive PII and PCI, and reduce phishing response times for user-reported threats.

Armorblox prevents email accounts from being compromised by cybercriminals and used to launch follow-on phishing attacks against other employees or customers. Armorblox’s Data Loss Prevention can also help your organization to maintain PCI Compliance and security standards required by regulators. In addition, we reduce the burden on strained IT and security teams with prebuilt detection policies and automatable response workflows.

Learn more about how Armorblox protects Retailers from a range of sophisticated email threats and supports organizations such as Albertsons, General Beverage, and PharmEasy.
