‘Tis the season for cyberattacks, particularly when it comes to the retail industry.

According to the VMware Carbon Black Threat Analysis Unit (TAU), retail organizations may see a noticeable spike in attempted cyberattacks during the holiday season.

TAU’s analysis across VMware Carbon Black’s global endpoint footprint reveals that global retail organizations encountered a 20% increase in attempted cyberattacks during the 2018 holiday shopping season, continuing a trend we’ve been tracking since 2016.

In conjunction with TAU’s dissection of attack data, VMware Carbon Black conducted a survey measuring feedback from 20 leading CISOs from global retailers to determine how cyberattacks are evolving, how these CISOs view the threat landscape and what’s being done to stem the tide.

Of note from the survey, 73% of retail organizations said they’ve seen an increase in cyberattack sophistication over the past year, with 33% of these organizations saying they’ve experienced an island-hopping attack over the same time period.

And these attacks are potentially harming more than just brand reputation. Forty percent of surveyed retail organizations said they’ve lost revenue in 2019 as a result of a cyberattack.

As VMware Carbon Black has noted in previous vertical-specific reports, the dark web continues to compound the attack landscape. Underground providers are offering listings that could affect consumers and retailers including: credit-card skimming guides, counterfeit credit cards, financial-specific malware, and access to specific bank accounts via stolen credentials.

According to the survey, retail CISOs are combating these trends with increased headcount, budgets and, in some cases, the implementation of threat hunting teams. The following report presents the highlights of our latest research and includes specific recommendations for how retailers can enjoy a happy holiday season.

The report also revealed that 66% of surveyed retail organizations said they’ve experienced a ransomware attack over the past year.

The dark web currently has listings for retail-related information including: credit-card skimming guides, counterfeit credit cards, financial-specific malware, and access to specific bank accounts via stolen credentials.

More than half (53%) of surveyed retail organizations said they plan on increasing cybersecurity staff in 2020. 40% said they plan to increase security budget by at least 10% in 2020.

The report also found that 33% of surveyed retail organisations currently have a threat hunting team.