AXIS Cyber Risk Advisory INCYTE Newsletter
Resiliency in Action
Retail Under Attack: Overcoming Identity Security Risks Before They’re Exploited
Retailers face unprecedented pressure from identity-based attacks while managing highly complex environments. Multi-site operations, seasonal staff, countless third-party vendors, and hybrid IT environments create one of the largest attack surfaces of any industry. It’s no surprise that ransomware incidents in retail increased globally by 75% in Q1 2025, with the average cost of a breach reaching almost $4.5 million.
For attackers, the identity layer is the easiest way in. Compromised employee credentials were linked to 60% of breaches, while third-party vendors were tied to another 30%. Once inside, attackers exploit blind spots in retail environments to escalate privileges and move laterally, often undetected, until they reach critical systems.
The result: disrupted operations, loss of customer trust, and lasting damage to brand reputation.
Why Retailers are High-Value Targets
Lack of visibility across complex environments
From handheld scanners and Radio Frequency Identification (RFID) technology to vehicle-mounted computers, smart shelves, and customer-facing applications, retailers operate in uniquely diverse environments. This complexity makes it difficult for security teams to maintain full visibility into the identity lifecycle, leaving critical blind spots that attackers can exploit.
Lateral movement with compromised credentials
Once attackers obtain valid credentials, they can move laterally within systems in ways that appear to be legitimate user behavior. Traditional security controls rarely detect this activity in real time, allowing attackers to escalate privileges and reach critical systems.
Exposed Non-Human Identities (NHIs)
Retail operations depend heavily on NHIs, including machine-to-machine and service accounts. These “silent workers” often lack proper oversight or security controls, making them a prime target for compromise and a common pathway for lateral movement.
Silverfort: Strategies for Retailers to Contain Attacks Before They Escalate
Silverfort’s Identity Security Platform goes beyond traditional tools, enabling retailers to contain attacks before they escalate.
End-to-end visibility across hybrid environments
Silverfort automatically discovers and monitors every authentication and access request across on-prem, cloud, and hybrid environments. This provides visibility and context for fast, informed response.
Stopping lateral movement in real-time
Silverfort can enforce MFA protection to all access interfaces and authentication protocols within Active Directory, including command-line tools like PsExec and PowerShell. These strong security controls block attackers’ most common lateral movement techniques before they can reach critical systems.
Securing Non-Human identities
Silverfort automatically identifies and classifies all NHIs, including on-prem machine-to-machine and service accounts. By analyzing account behavior and applying tailored security policies, security teams can prevent account misuse and their exploitation.
“Security is a game of space and time… strategic investments in solutions that mitigate multiple risks at once, allowing security teams to stay ahead of threats without being buried in complexity.”
Rob Ainscough, Chief Identity Security Advisor at Silverfort - Reflections from the identity frontline
Silverfort’s Identity Security Assessment
AXIS primary cyber customers can access a complimentary Identity Security Assessment, designed to:
- Uncover hidden credential exposures across employees, vendors, and privileged users
- Detect at-risk NHIs and identify unused or misconfigured privileged accounts
- Highlight identity hygiene gaps such as stale credentials, non-expiring passwords, and legacy protocols
- Provide a prioritized roadmap to strengthen identity security posture and close compliance gaps
This no-cost assessment provides actionable insights before attackers can exploit them
Sign up for the AXIS Assessment
This material is provided for informational purposes only and is not an offer to sell, or a solicitation to buy, any particular insurance product or service for a particular insured. It is intended for licensed insurance professionals. Cyber incident examples may be based on actual cases, composites of actual cases or hypothetical claim scenarios and are provided for illustrative purposes only. Facts may have been changed to protect the confidentiality of the parties. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued, and applicable law.
The practices, services or service provider(s) discussed herein are suggested as risk mitigation or incident response resources only. Use of any practice, service or service provider does not guarantee the performance or quality of the services provided, including the avoidance of loss, the fulfilment of any obligations under any contract, or compliance with any law, rule, or regulation. AXIS is not responsible for the effectiveness of a cyber risk management program and encourages each policyholder, together with advice from their professional insurance advisor, to perform its own independent evaluation of any practice, service or service provider as part of its overall risk management strategy.
For information about our products and underwriting companies, please see https://www.axiscapital.com/product-information