Retail cybercrime across the holiday season dropped, despite record business for companies across Black Friday and Cyber Monday, according to research from IBM, reported by Tech Week Europe.
Despite what The Register describes as "record-breaking surge" in online shopping from late November through to early December, cyber breaches fell. For the period of November 24 to December 5, the number of daily cyberattacks was 3,043. This sounds a lot, but for the same period in 2013, there were an average of 4,200 attacks - a drop of 27.5%.
For the actual Black Friday and Cyber Monday days, the drop was greater still, with Network World reporting a drop of more than 50% year on year. Last year's Black Friday and Cyber Monday had 10 breaches resulting in 72,000 records being compromised, compared to the previous year's 20 breaches resulting in nearly four million records accessed.
However, this positive news about the busiest online shopping days of the year masked a more worrying trend. In 2014, according to IBM's research, retail overtook manufacturing as the number one target for hackers. Once breaches of over 10 million records (Home Depot and Target) were removed from the data, IBM discovered that the number of retail records compromised in 2014 increased by more than 43% on 2013. So although the number of attacks were significantly down (by around 50% since 2012), their effectiveness seems greater.
While the high profiles leaks of last year were related to Point of Sale malware (including the aforementioned Home Depot and Target leaks), the report also highlights that the vast majority of retail hacks used Command Injection or SQL Injection methods for their attacks. Network World states that "the complexity of SQL deployments and the lack of data validation performed by security administrators made retail databases a primary target."