Hardware-Based Cyber Attacks

By Bentsi Ben Atar, CMO and Co-Founder of Sepio Systems

When Covid-19 hit in early 2020, millions of people began working — and shopping — from the safety of their homes. This dramatic increase in e-commerce purchases resulted in retailers amassing more digital data on their customers than ever before, and this has made the retail industry an especially alluring target for cyber criminals.

Most retailers understand the serious consequences of suffering a data breach, running from heavy fines for non-compliance with data protection regulations like GDPR and CCPA to a long-term loss of reputation and consumer trust. This is the reason why merchants protect against cyber-attacks by employing a combination of firewalls, endpoint protection, IoT network security, network access control (NAC), intrusion detection systems (IDS) and more.  However, none of these common solutions can detect one of the industry’s most under-reported cyber threats: hardware-based attacks.

Rogue devices that appear harmless are used to carry out devastating attacks, and several vulnerabilities within the retail industry make it a prime target.

Employee Turnover

Because retailers often hire seasonal workers, there is the risk that shorter employment duration can result in reduced employee loyalty. As a result, these workers may be more inclined to carry out a cyberattack than veteran staff. When it comes to hardware-based attacks, a worker can easily compromise data by downloading it onto a USB drive, or by using a digital storage card and then leaving the place of business with stolen information that will later be leaked. A more sophisticated criminal who has been working at a company can make their attack appear as if it is a normal operation, while covertly compromising hardware with a device that seems legitimate but is in fact, malicious.

More Points of Entry

The increased digitalization of retail has created a plethora of entry points for cyber attackers. Hardware hackings require hands-on physical access, but with a typical ratio of five devices to each employee in the retail industry, malicious actors have several points they can potentially exploit. Internet of Things (IoT) devices – from individual devices to corporate communications channels – are becoming more popular in the retail arena, further increasing the risk of hardware cybersecurity attacks. In fact, the main reason why IoT devices are targeted within the retail industry is because they don’t have proper built-in security controls.

Attackers Blending in With Other Shoppers

Despite this increased digitalization, vulnerabilities remain present within brick-and-mortar stores as well. Slowly but surely, in-person shopping is returning, and an attacker can easily blend in with the crowd and sneakily attach a spoofing device to a computer at checkout. This threat is compounded by the ongoing mask mandates, which enable criminals to operate among us without fear of being identified by witnesses later.

An Increase in Data Means an Increase in Supply Chain Data

Suppliers are integral to the retail industry, and data is often shared between them to facilitate the flow of business. With the abundance of data aggregated from e-commerce shopping during the pandemic, each supplier within a chain has become a bigger target. And of course, an attack on a single supplier can compromise an entire network. This includes the retailer, who is ultimately held responsible. This can greatly impact a brand’s reputation even when it is not the retailer’s fault, possibly resulting in long-term customer distrust.


As cybersecurity protection gets smarter, attackers follow suit.  Right now, the latter are increasingly shifting their focus to hardware-based attacks because, quite simply, nobody is defending against them. Retailers must arm themselves with sophisticated new tools that can recognize and raise the alarm about suspicious devices before they are able to deliver their payload.

Comments are closed.

    Recolight right-hand skyscraper April 20
    Perspex right-hand skyscraper March 21
    Inspired Lighting right-hand skyscraper Aug 21
  • A1 Retail Twitter

  • Search