2018 Predictions & Recommendations: What Retailers Should be Thinking About and Planning for

Christopher Budd

Category: Predictions, Retail


cpr retail Blog 600x300

This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.


I see two big things in 2018 that the retail world should think about and plan for:

  1. Retail transactions will be processed on more insecure and unsecurable platforms than ever.
  2. The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.

Retail transactions will be processed on more insecure and unsecurable platforms than ever.

In the early days of electronic retail transactions, they were done on a single platform that was totally under the control of the retailer. When e-commerce began in the late 1990s, that scope expanded to include the retailer’s internal platform, its e-commerce platform and the platforms from which shoppers accessed those (Windows, or Mac).

Today, you literally can’t count the number of platforms involved in retail transactions. And as the number of platforms has exploded, so has the problem that many of these are inherently insecure and can’t be made secure. Whether it’s an online shopper using a Windows XP system, an in-store shopper using an old Google Android smartphone, or someone using a new, wearable IoT device with a built-in wallet (but no built-in security), the fact is that retail transactions now are being done on fundamentally insecure and unsecurable platforms. And the proliferation of new devices, combined with how older systems and devices become insecure and unsecurable over time, means this problem will get worse in 2018.

Retailers need to adopt a Zero Trust architecture approach that reflects this reality. By realistically assuming that many of the platforms in the end-to-end transaction can’t be trusted, defenders can focus their prevention and protection efforts around what they can trust and defend.

The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.

Like I outlined in my recent retail Threat Brief: Unauthorized Coin Mining – A New Threat Facing Shoppers and Retailers This Holiday Season, we’ve seen a disruption in the threat space recently in the form of unauthorized coin mining attacks. These constitute a new class of attack, and they’re being driven by the surge in the prices of cryptocurrencies like bitcoin. We’re already seeing innovation around attacks focused on getting cryptocurrency into the hands of attackers.

If we look at ransomware as a guide, we saw an explosion in innovation and development as ransomware became an ever-more-lucrative area for attacks. I expect cryptocurrency attacks to follow suit.

The retail sector has acute exposure to these potential threats. The close relationship between retailers and online financial transactions, retailers’ strong presence as trusted internet sites, their trusted logos, and name recognition all make an environment that leaves retail particularly vulnerable to new attack in this area.

Whether it’s the risks of attackers trying to mine cryptocurrencies off popular shopping sites, trying to launder stolen cryptocurrencies through gift cards, or using online retailers’ names and logos as lures to cryptocurrency mining sites, retailers and their customers could be prime targets in this new threat environment.

The challenge is this: cryptocurrency theft and fraud are such new threats that we can’t fully scope them yet. That uncertainty makes this threat all the harder to mitigate. We are dealing with the worst kind of threat to assess: the “unknown unknown.”


With a little-yet-understood new factor in the threat environment, the critical practice of keeping up to date on threat intelligence and the latest threat trends is even more important. Equally important is supporting and participating in information sharing programs so that new threat trends can be quickly identified and defenders can work together to counter these new threats more quickly.

Additionally, adopting a Zero Trust architecture approach can help focus prevention efforts on the things that can be controlled.

Finally, it’s critical to maintain a heightened security posture to react quickly as new classes of attacks emerge. In an environment like this, it’s not enough to simply be ready to deploy new technological countermeasures: prevention, in this case, may well require rethinking your security posture.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

© 2018 Palo Alto Networks, Inc. All rights reserved.