Cyber Attacks Shift to Smaller C-store Retailers

Cyber hackers have recently shifted their focus from large retailers to convenience store operators with 100 locations or less, because they are considered much easier targets, Dante Mercurio, principal consultant, security solutions, for Verizon, said during Saturday’s educational session, “Cyberespionage: Don’t Get Breached.”

Even more surprising is the source of these attacks, which cost c-store retailers millions of dollars per year. Romania is the largest perpetrator of these attacks on a per-capita basis. “China is the No.1 source of such attacks, but Romania is very close behind and has a population of only 27 million people,” said Mercurio.

The Verizon executive couldn’t say for sure why Romania is such a hot spot for this type of criminal activity, but he theorized that the country's highly educated, lowly paid workforce and lax government are likely reasons. He advised all retailers in attendance to immediately be suspicious of any communication received from Romania and block all Internet protocol addresses from the European country if possible.

Of course, retailers that are the target of a variety of attacks, including at the ATM and point-of-sale, need to do much more to prevent against cyberespionage.

“A huge problem is that breaches happen so quickly and get discovered so slowly,” Mercurio said. “You need to understand the threat, protect against the actions pertaining to the threat, and understand the data they are going after.”

Unfortunately, most smaller c-store operators don’t have the financial wherewithal and manpower to comb through logs daily and prevent against all cyber attacks. Hence, Mercurio advised that retailers should at least make a breach difficult so that attackers will move on to other potential targets.

“If you only have a limited budget as a CIO [chief information officer], I would spend it on two things: malware protection and monitoring,” he concluded.