# 2018 Predictions & Recommendations: What Retailers Should be Thinking About and Planning for

By [Christopher Budd](https://www.paloaltonetworks.com/blog/author/christopher-budd/?ts=markdown "Posts by Christopher Budd"), Dec 19, 2017

*This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.*

## Overview

I see two big things in 2018 that the retail world should think about and plan for:

1. Retail transactions will be processed on more insecure and unsecurable platforms than ever.
2. The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.

## Retail transactions will be processed on more insecure and unsecurable platforms than ever.

In the early days of electronic retail transactions, they were done on a single platform that was totally under the control of the retailer. When e-commerce began in the late 1990s, that scope expanded to include the retailer's internal platform, its e-commerce platform and the platforms from which shoppers accessed those (Windows or Mac).

Today, you literally can't count the number of platforms involved in retail transactions. And as the number of platforms has exploded, so has the problem that many of these are inherently insecure and can't be made secure.

Whether it's an online shopper using a Windows XP system, an in-store shopper using an old Google Android smartphone, or someone using a new, wearable IoT device with a built-in wallet (but no built-in security), the fact is that retail transactions are now being done on fundamentally insecure and unsecurable platforms. And the proliferation of new devices, combined with how older systems and devices become insecure and unsecurable over time, means this problem will get worse in 2018.

Recommendation: Retailers need to adopt a [Zero Trust architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) approach that reflects this reality. By realistically assuming that many of the platforms in the end-to-end transaction can't be trusted, defenders can focus their prevention and protection efforts around what they can trust and defend.

## The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.

As I outlined in my recent retail [Threat Brief: Unauthorized Coin Mining -- A New Threat Facing Shoppers and Retailers This Holiday Season](https://www.paloaltonetworks.com/blog/2017/12/threat-brief-unauthorized-coin-mining-new-threat-facing-shoppers-retailers-holiday-season/), we've seen a disruption in the threat space recently in the form of unauthorized coin mining attacks. These constitute a new class of attack, and they're being driven by the surge in the prices of cryptocurrencies like bitcoin.

We're already seeing innovation around attacks focused on getting cryptocurrency into the hands of attackers. If we look at ransomware as a guide, we saw an explosion in innovation and development as ransomware became an ever-more-lucrative area for attacks. I expect cryptocurrency attacks to follow suit.

The retail sector has acute exposure to these potential threats. The close relationship between retailers and online financial transactions, retailers' strong presence as trusted internet sites, their trusted logos, and name recognition all make an environment that leaves retail particularly vulnerable to new attacks in this area.

Whether it's the risks of attackers trying to mine cryptocurrencies off popular shopping sites, trying to launder stolen cryptocurrencies through gift cards, or using online retailers' names and logos as lures to cryptocurrency mining sites, retailers and their customers could be prime targets in this new threat environment.

The challenge is this: cryptocurrency theft and fraud are such new threats that we can't fully scope them yet. That uncertainty makes this threat all the harder to mitigate. We are dealing with the worst kind of threat to assess: the "unknown unknown."

Recommendation: With a new and as-yet little-understood factor in the threat environment, the critical practice of keeping up to date on threat intelligence and the latest threat trends is even more important. Equally important is supporting and participating in information sharing programs so that new threat trends can be quickly identified and defenders can work together to counter these new threats more quickly. Additionally, adopting a Zero Trust architecture approach can help focus prevention efforts on the things that can be controlled.

Finally, it's critical to maintain a heightened security posture to react quickly as new classes of attacks emerge. In an environment like this, it's not enough to simply be ready to deploy new technological countermeasures: prevention, in this case, may well require rethinking your security posture.