Cisco UK & Ireland Blog

From the Kray Twins to Cryptolocker – The Evolution of UK Retail Security Threats

March 17, 2017

Statistically speaking, retail is a risky business to be in. In the UK, retail is the industry consistently most targeted by criminals according to Government commercial victimisation figures. And retail crime clearly pays – the latest British Retail Consortium (BRC) Annual Retail Crime Survey puts a conservative estimate on the direct cost of crime to the industry at £660 million. Yet, to paraphrase Mark Twain, there is no such thing as a new crime.

£660 million = direct cost of crime to UK Retail (conservative estimate)

So just how has retail crime evolved to become such big business? And how do the bad guys manage to keep outwitting even the best-known household names? It’s quite simple really. Just as digitisation and the Internet have brought new opportunities and increased efficiencies to retailers, they have also brought new opportunities and efficiencies to the criminals targeting them.

Let’s take a look at how…

In the days of the infamous Kray Twins, the extortion racket was a very popular model for organised crime. Shop keepers in the 1950s/1960s would be threatened with an unexplained fire or a broken window, unless they paid whatever sum the gangsters demanded. Shopkeepers were in effect held to ransom – and had to choose the bricks and mortar of their business, or their hard-earned profits. However, this type of crime had its limitations – criminals were limited to a geographic area they controlled, and physical shops and warehouses.

As we headed into the 2000s and retail went virtual, so did the crime. Instead of being menaced with a brick or a lit torch, retailers today are menaced with their website being subjected to a denial of service (DoS) attack, and taken off line. Again, they are usually held to ransom for this – cyber criminals demand payment via untraceable bitcoins. This allows today’s cyber criminals to take a tried and tested crime model and, using digitisation and the Internet, to scale their activities to international levels.

And scaling they are. The latest BRC Annual Retail Crime Survey found that cyber-crime such as data breaches now represents 5% of the total direct cost of crime to retail businesses in the UK, while ‘cyber-enabled fraud’ is estimated at 53%. And an incredible 91% of retailers have seen the overall number of cyber breaches increasing or remaining the same over the last year.

With its origins in pick-pocketing, documented from in Charles Dickens’ literary classics, shoplifting remains a major issue for retailers, accounting for 66% of the direct cost of retail crime (source: BRC). But you can only stash away a limited number of items at a time. The cyber-crime business model allows the bad guys – who may well be located in a different country entirely from the retailer – to steal customer details and credit card data from point of sale devices and customer management systems with specialised malware, in often huge volumes before discovery.

“Kidnap” of the store manager was a real and present danger during the 20th Century, yet in the 21st Century, the targeted victim is more likely to be data. Most of the value on a computer is in data, but you can only monetise so much by selling credit card details on the dark market. So how to make money from the remaining data? Adapt the age-old crime model and launch a ransomware attack, such as the campaign executed by Cryptolocker recently dubbed the “world’s nastiest extortion malware” by Computerworld, holding the data hostage until a fee is paid.

The Cisco 2017 Annual Cybersecurity Report identified retailers’ key areas of cybersecurity vulnerability and concern:

  • Nearly 1 in 3 retailers have experienced loss of revenue due to an attack.
  • Retailers perceive targeted attacks as their highest risks (followed by insider exfiltration).
  • 54% of retailers have managed public scrutiny due to a security breach (other industries – 49%).
  • Only 52% of retailers perceive their security infrastructure is very up-to-date and constantly upgraded with the best tech (other industries – 59%).
  • 1 in 3 retailers reported a severe data breach caused systems to be down for more than 9 hours.
  • Only 61% of retailers strongly agree that they are able to maintain full PCI compliance.

 In the next in this retail security blog series, we’ll focus on the enemy lurking within every store, and a growing and lucrative target for cyber criminals – Point of Sale (POS) attacks.

 With thanks to Martin Lee of Cisco Talos.

Leave a comment


  1. Great work Jacques, nice read.