Expert Speak

DLP: Defending Retail from Fraud Schemes

Written by Lev Matveev, Founder of SearchInform

Customer and supplier data, transactions, pricing, and more: all of these are vital assets for retailers. In the wrong hands, these assets can turn into a business killer. Employees often become insiders, whether intentionally or not, and cause serious incidents that result in data leakage or fraud. How can retail companies protect themselves and their customers from increasing insider threats? This is the issue we are going to explore today.

Figures Don’t Lie
The fact that insider threats are becoming more frequent is confirmed by various studies. SearchInform’s 2023 Research on InfoSec Incidents in SMEs shows that all surveyed entities experienced insider incidents last year. The number of reports about such cases in the world increased from 66% in 2019 to 76% in 2024. The study by the UAE Cyber Security Council and CPX highlights a 30% increase in insider threat incidents within the Emirates.

Given that retail is the third-biggest sector of the UAE economy, its security is of great importance. The 2023 UAE Retail Report by Adyen reveals that, while 68% of businesses claim to have effective anti-fraud measures, 44% of UAE retailers faced cyberattacks or data breaches last year. Fraud victims increased by 39% compared to 2022.

The Adyen report also shows that 18% of UAE consumers regularly leave online stores without purchasing due to security concerns, while 29% prefer stores with a higher security level. Thus, implementing strong security measures pays off not only financially but also in terms of reputation and customer loyalty.

DLP, The Rescue Ranger
Research shows that employees usually cause internal security breaches unintentionally. For example, many people do not view sending the personal data of staff members to a non-corporate email as something serious. Meanwhile, companies face data leaks and subsequent penalties from regulators.

Malicious insiders who collect and leak sensitive information outside the corporate perimeter for personal gain are less common; they are responsible for about 25% of such incidents. Despite their lower frequency, these cases are the costliest, averaging $701,500 per incident. Organizations must be prepared to protect against both unintentional and malicious insider threats.

So, what measures should retailers implement to effectively prevent insider incidents and keep their businesses and customers safe?

One of the basic tools to address such threats is a Data Loss Prevention (DLP) system. DLP is a practical solution for businesses seeking to strengthen their defences against information leaks and corporate fraud. These types of systems comprehensively monitor all popular data transfer channels, thoroughly analyze incoming and outgoing information, detect and prevent violations by blocking unauthorized transmissions outside the corporate perimeter, and provide administrators with detailed reports.

Advanced versions of modern DLP systems can offer extra features, such as detecting complex corporate fraud schemes, equipment theft, working for competitors, poor performance, and more. Next-gen DLPs have capabilities for eliminating problems that previously were impossible to solve, for example, protection against malicious insiders taking photos or screenshots of corporate device screens. These kinds of solutions also provide control over messengers protected by end-to-end encryption.

However, not all companies, especially small ones, can afford to maintain an in-house DLP. Even if the organization has sufficient budget to purchase software licenses and the required hardware, the system still requires a qualified administrator. This comes at an extra cost; what’s more, there’s a severe lack of information security officers on the market. If you need a solution without a huge financial burden and HR-related issues, the Managed Security Service (MSS) with integrated next-gen DLP can be a perfect choice.

A dedicated information security officer will configure the service according to your requirements, maintain it, ensure monitoring, prevent incidents, notify you about the violations and provide comprehensive reports on what’s happening in the company. Meanwhile, you retain full control over the processes and decide on the steps to be taken. This approach ensures comprehensive protection without overwhelming your budget.

How DLP Protects Retail: Real-Life Cases
Now let’s take a look at some of the cases from SearchInform experts’ practice. In all of them, companies managed to identify intruders and violations using the DLP system.

Case #1: Good Old Kickbacks
A car dealer deployed a DLP system to detect episodes of corporate fraud. Due to the security policies set up for identifying kickback attempts, a couple of malicious insiders within the organization were caught red-handed.

One of the sales managers tried to deceive a client by falsely claiming she was ineligible for discounts and then offered her a “special” discounted price in exchange for a kickback. He applied a standard discount available to all clients, presented it as a beneficial deal, and requested a 2% cash payment for himself and his superior.

Another manager colluded with competitors by sending overpriced quotes to customers and passing their contacts to a rival dealership. There, clients were offered the same cars for 6–7% less but were asked to partially pay in cash. The cash payment was meant to be a reward for the tipster.

The first scheme would have cost the dealership $900 per transaction, totalling $225,000 per year, with the risk of lawsuits. The second scheme would have resulted in a monthly loss of $400,000 due to client outflow. Thanks to DLP monitoring and analysis of these insiders’ social media chats, IS officers could prevent fraudulent activities with serious consequences.

Case #2: Friendly Leak
An IS analyst at a retail company detected an attempt to leak information. As it turned out, the sales manager and the director of a competitor company were buddies. They came up with a simple fraud scheme: the sales manager was supposed to pass information about potential customers on to competitors for a certain amount of money. With the help of a DLP system, the information security analyst detected the employee starting to copy the customer base to an external hard disk. This became the basis for launching an investigation that prevented the incident.

Thanks to the DLP system, the company managed to avoid damage that would have been estimated at millions of dollars.

Case #3: Great Fraud Wall
One day, a retail company received a letter from its Chinese supplier. Foreign colleagues were requesting payment for purchased equipment. There was also a warning that the bank account details had changed and the money needed to be transferred to a new account. This aroused suspicion among the IS department specialists, and they initiated an investigation using DLP. It was discovered that an employee had received a message with the real account details but attempted to replace them with fake data. The employee was fired. The company successfully avoided financial losses.

The invoice from the Chinese supplier amounted to $370,000. Had the incident not been uncovered, the company would have lost that money and faced a serious misunderstanding with its foreign partner.

Case #4: The Calamoo-ty
A small organization that sells dairy products deployed a DLP system for testing. They set up a file containing the company’s budget, expenses, and revenue for search and tracking, with access restricted to top managers. Suddenly, one of the employees uploaded the document to her laptop and emailed it to a colleague. The investigation revealed that she had been accessing the commercial director’s computer during her spare time to view his files. The employee was dismissed, and her supervisor received a briefing on the importance of protecting confidential data from unauthorized access.

The leak of this file could have not only intensified competition with existing enterprises but also provided a basis for new competitors to enter the dairy market. The potential damage from such an incident was estimated to be approximately $850,000.
_________

As can be seen from the cases, Data Loss Prevention systems play an important role in protection against internal threats. This was also highlighted by Saeed Al-Shebli, Deputy Director of Digital Security at the Ministry of Interior of the UAE, in his latest column. He pointed out that DLP solutions enhance security by preventing users from copying, transferring, or leaking data.

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.