
Cyber Security Awareness Month often passes quietly outside the industry, but with high-profile attacks dominating headlines, cyber resilience is impossible to ignore – particularly for retailers, says Allan Liska, Threat Intelligence Analyst at Recorded Future.

The proliferation of AI, combined with global economic and geopolitical turbulence, has made the cyber threat landscape particularly volatile in 2025 so far. For retail leaders, October is the time to reset and reconsider their cyber defence strategy. This means thinking critically about how their organisations are exposed, how attackers are evolving, and how teams can build resilience into every layer of operations. A good starting point is building intelligence and insight about what hackers are doing and the potential threats they pose.

Understanding today’s threats

Knowledge and awareness are the foundation of defence. The first step is understanding the techniques cyber criminals are using to exploit companies and how evolving tactics are shaping the threat landscape. Ransomware, insider risks, and AI-assisted deception are now converging to form a complex and persistent challenge.

The evolution of ransomware tactics

Ransomware groups are no longer relying solely on phishing emails or brute-force attacks. Increasingly, they are turning to help desk and supply chain compromises to gain initial access.

Help desk style attacks often begin with a series of phishing attempts followed by a phone call from someone impersonating IT support. The goal is to convince employees to share credentials or install malicious software. Groups such as Black Basta have successfully used this tactic to breach major organisations.

Meanwhile, supply chain attacks continue to grow in sophistication. Instead of targeting retailers directly, attackers infiltrate trusted software or hardware partners and exploit zero-day vulnerabilities to move laterally into a target’s network. Because these attacks piggyback on legitimate systems, they are harder to detect and can cause widespread disruption. Hackers prey on the extensive and complex nature of retail supply chains to find different points of exploitation where they can slip under the radar.

A robust, multi-layered threat intelligence programme is essential for identifying these evolving tactics early. Proactive threat hunting and continuous monitoring can reveal indicators of compromise before an attack takes hold.

Defending against ransomware delivered through zero-day flaws also means embedding full supply chain risk management into business processes. Retailers should map third-party dependencies, verify code integrity during updates, and insist on vendors demonstrating secure development practices.

Managing insider risk

Insider threats are another growing concern. Whether intentional or accidental, an insider’s access can make or break a company’s defences. Attackers increasingly use social engineering to persuade employees to reveal credentials or approve unauthorised actions, often through convincing impersonations of colleagues or partners.

Recent incidents, such as the social engineering attack on BBC Cyber Correspondent Joe Tidy, illustrate how even security-savvy professionals are targeted. Of course, in this instance Joe didn’t take the bait of ‘never having to work again’ in return for providing access to BBC systems. But retailers must ensure robust and ongoing awareness training for all employees, reinforced by clear policies, easy reporting mechanisms, and a culture of vigilance. Cyber threat intelligence can provide insight to inform each of these steps, so they are effectively prepared for real-world risks.

Magecart attacks

While ransomware attacks and insider risk are always present, the last quarter of the year also sees an uptick in Magecart attacks. These are web-based attacks on ecommerce sites, carried out by multiple threat groups. The groups target vulnerable online shops to install code that effectively acts as a “skimmer” – syphoning off personal data, including credit card information, from ecommerce transactions. They are especially prolific at this time of year because the increase in holiday shopping means their attacks often go unnoticed by both the victim websites and the affected consumers.

Retailers must stay vigilant and prioritise cyber security even – and especially – in busy periods such as peak season.

Understanding cyber’s latest weapon – AI

Generative AI is transforming the way cyber criminals operate. It allows attackers to craft highly convincing phishing messages, clone voices, and tailor communications using information drawn from public profiles or company updates. What once required language skills and technical expertise can now be achieved at scale, at speed, and across borders.

For instance, help desk attacks once confined to Western groups are now being replicated globally. AI tools enable non-native-speaking actors to translate scripts and mimic local dialects, making impersonations sound authentic. This sophistication lowers the barrier to entry for cybercrime and makes detection far more difficult.

The true danger lies in the combination of AI and social engineering. By exploiting trust, urgency, or helpfulness, attackers can nudge employees into making harmful decisions that bypass technical safeguards.

To counter this, retailers need to integrate AI-awareness into their security culture. Training should include simulated scenarios that mirror real-world attacks, helping staff recognise how convincing AI-assisted tactics can be. Regular updates based on emerging intelligence will ensure teams remain alert to new methods, with employees better informed about exactly what they’re up against.

Beyond Cyber Security Awareness Month

There is no single, definitive way to prevent cyber attacks. Defence must be multi-layered and adaptable, combining technology, intelligence, and human awareness. The goal is not only to respond quickly when incidents occur but to anticipate and disrupt attacks before they succeed.

Many retailers already have the necessary tools – firewalls, endpoint protection, monitoring systems – but these must be fine-tuned and integrated into a coordinated strategy. Cyber Security Awareness Month is an opportunity to take stock, review procedures, and strengthen the collaboration between security teams, employees, and suppliers.

Cyber security isn’t just for October. Building resilience is an ongoing process, and now more than ever, it is time to make cyber security awareness part of everyday business.

Allan Liska, Threat Intelligence Analyst, Recorded Future

Recorded Future delivers AI-driven threat intelligence to help organisations detect, analyse, and prevent cyber attacks.
