DNS Security for Retail: Protecting Revenue & Brand

The work-from-anywhere environment has accelerated the transition to the cloud, e-commerce and in-store retailers are experiencing heightened security risks. Risks that lead to more network downtime and data theft potential. Cybersecurity incidents can hit a retailer’s reputation hard, causing customers to switch allegiance to a competitor.

Smart DNS security offers the network visibility and analytics that retailers require for having the confidence to withstand potential cyber-attacks. Confidence in their capability to recover quickly and safeguard consumer data. While maintaining a good customer experience and keeping revenue flowing.

Expanded attack surface and data reliance increase vulnerability

The retail sector has long been prone to cyberattacks. A while ago, credit card details of thousands of Macy’s consumers were compromised when cybercriminals used logins and passwords obtained from third-party sources to access online accounts, 40,000 Ticketmaster customers had personal and payment data stolen due to malicious software, and last year Guess suffered a ransomware attack involving the theft of customer data including passport, driving license and Social Security numbers.

As omnichannel retailers of all shapes and sizes attempt to enhance efficiency and boost sales by adopting the latest data-driven technologies, their attack surface expands significantly. Bad actors are being given immediate access to valuable information such as cards and PINs via Point-of-Sale (POS) systems, and any breaches on the POS itself lead to long checkout lines and missed sales. In addition, the trend of retailers getting into the healthcare and pharmacy businesses results in them holding increasing amounts of sensitive customer data, so retailers need to comply with regulations such as GDPR, PCI DSS, and NIS to avoid costly fines. Insider threats are also on the rise, due to the growth of new stores and distribution centers, high employee turnover, and seasonal employees at times such as holiday periods and Black Friday.

DNS attacks are causing retailers to lose money and reputation

For disrupting networks or access to apps and services, as well as for exfiltrating data, DNS is a favorite target for cybercriminals, as shown in IDC’s 2022 Global DNS Threat Report. 87% of retail companies suffered DNS attacks, with each attack resulting in $832k damage costs on average and some costing over $5M. The most frequent DNS attack types include phishing, DNS-based malware, and cloud instance misconfiguration abuse. DDoS attacks are also of major concern for retailers, with 62% having suffered DDoS attacks of over 5Gb/s, the highest across all industries surveyed. Worst of all, the impact of attacks has risen for most categories, in particular data theft, brand damage, and cloud service downtime.

Impacts of DNS attacks on the Retail Industry

And what’s even more worrying are the countermeasures being used to mitigate the DNS attacks. 43% of retailers shut down their DNS server or service (highest across all verticals), causing loss of revenue for the business, 35% disabled the affected apps, and 27% shut down part of their network infrastructure. Use of more adaptive countermeasures would be advisable – ones that allow retailers to keep their business up and running – such as quarantining suspicious users to restrict their access while allowing legitimate traffic to pass.

Cloud and complexity are boosting Zero Trust adoption

Any disruption caused by network downtime or cybersecurity incidents is unacceptable for today’s digitally-enabled retailers, as failure to provide a consistent, integrated, and smooth shopping experience can lead to a customer rapidly moving over to a competitor. Effective cybersecurity has therefore become key for retailers, and with increased complexity caused by IT infrastructure in the cloud, network security teams are rushing to implement zero trust architectures (76% are already running or planning it, according to the IDC report).

Purpose-built DNS Security protects data, cloud, and applications

When it comes to zero trust, DNS has a key role to play. Its visibility over network traffic intent makes it ideal for detecting threats early and thus preventing their movement across the infrastructure. Access to critical apps can be better controlled by the use of DNS filtering combined with allow and deny lists. System and application access by employees and third-party workers can therefore be tied to job functions and carefully planned and monitored, helping overcome privilege abuse. Unfortunately for retailers, only 47% are currently making use of this, which is far below the 71% in the financial services sector for example.

But on the upside, the importance of purpose-built DNS security is now well recognized in the retail industry, with 71% of retailers regarding it as critical for their security posture. DNS security is viewed as a critical component for overall cloud security (by 68% of respondents surveyed in the Threat Report) and also for IoT security (56%), while 59% see it as important for protecting their remote workforce.

DNS Security for Ransomware and Data Theft

Leveraging DNS to fight ransomware and data theft are another area highlighted by the IDC Report. Retail companies are the top users of DNS against malware and ransomware, with 64% already using DNS for that purpose. And 63% see monitoring and analysis of DNS traffic as the most effective method for preventing data theft from their network. Solutions such as EfficientIP’s DNS Guardian, for example, enhance the detection of data exfiltration via DNS thanks to the inspection of DNS traffic between the cache and recursive functions. Using user behavior analysis, data theft attempts can be thwarted very early, as compared with firewalls which are unable to detect exfiltration until several days or weeks later.

Retailers today are facing a new breed of criminals, ones who focus on stealing information rather than stealing money or physical goods from a store or warehouse, so it’s mandatory they have a comprehensive strategy in place to ensure their networks and infrastructures are secure at all times. DNS is a vital piece of any organization’s security ecosystem, hence needs to be suitably leveraged to enhance the protection of data, apps, and users. For retailers, in particular, their revenue and the future of their brand depend, on it!