By: RSPA Security Advisory Group
The latest RSPA Security Advisory Group discussion highlighted six critical cybersecurity trends affecting VARs, ISVs, MSPs, and other retail technology providers.
This discussion recap offers insights retail IT channel leaders should focus on as they plan for the year ahead:
- Phishing Remains Dominant,But Smishing Is Growing Faster
Phishing continues to be the most common and effective attack vector targeting retail IT organizations. However, a significant shift is occurring: text-based phishing (“smishing”) is accelerating quickly. Attackers increasingly use SMS messages to impersonate password tools, internal systems, or trusted vendors, and prompt users to provide credentials.
Because many organizations rely heavily on email filtering but lack robust controls around SMS, attackers view mobile channels as an easier and more direct path to the user. Successful smishing attempts are often simple, relying primarily on users acting quickly without verifying authenticity. This trend signals the need for employee training and awareness that extends beyond email-based threats.
- Security Fundamentals Are Declining Across the Channel
The retail IT channel made substantial progress over the past decade, especially around payment security, but attention to core cybersecurity hygiene has weakened in recent years.
This regression stems partly from the perception that technologies like point-to-point encryption have reduced overall risk. While payment card data may be better protected today, organizations still store sensitive operational, personal, and credential-based data that attackers routinely target. Many modern breaches originate from simple oversights like weak credential handling, skipped verification, outdated controls, and inconsistent adherence to policies.
Attackers take advantage of these lapses. The discussion made clear that strengthening fundamentals remains one of the highest-impact opportunities for reducing risk.
- AI Is Enabling More Convincing and More Personalized Attacks
The group emphasized a growing trend: attackers are leveraging AI tools to produce highly polished, convincing, and targeted messages. Traditional warning signs – poor grammar, awkward phrasing, and formatting errors – are quickly disappearing.
AI supports attackers in several ways:
- Generating well-written, realistic phishing messages
- Automating personalization using publicly available information
- Creating deceptive look-alike domains (typo-squatting)
- Scaling attempts that appear human-crafted
These advancements increase the likelihood that employees will trust fraudulent communications. AI is effectively raising the baseline quality of social engineering attacks, making human judgment both more essential and more challenging.
- Workforce Pressure Is Increasing Cyber Risk
Retail IT teams today are leaner, busier, and operating under greater time pressure. Employees must respond quickly to internal requests, customer needs, and operational demands. In this environment, security checks and verification steps are often bypassed.
Attackers exploit urgency and distraction. Social engineering campaigns now frequently mimic time-sensitive requests or routine operational communications, knowing that overwhelmed employees may click or approve without hesitation.
The group underscored that building secure organizations requires creating workflows that allow employees the time and support to verify message authenticity instead of relying solely on constant vigilance.
- Compliance Expectations Are Tightening–and Evidence Is Now Required
Regulatory bodies, cyber insurers, and compliance frameworks are demanding more detailed proof of security controls. Self-attested questionnaires and verbal assurances are no longer being accepted at face value.
Organizations are increasingly required to demonstrate:
- Documented, enforced security policies
- Formal incident response plans
- Evidence of tabletop exercises
- Accurate records showing controls are implemented and monitored
This shift reflects a broader trend toward verifiable security rather than stated intent. For retail IT providers, this means aligning early with PCI DSS 4.0 requirements, ensuring cyber liability applications are accurate, and preparing documentation that can withstand scrutiny.
- Human Behavior Remains the Core Challenge
Despite advancements in technology, the discussion repeatedly returned to the same theme: people remain the biggest vulnerability and the most essential line of defense. Most breaches succeed because a person clicks, approves, or acts without verifying.
Effective security cultures must incorporate ongoing reinforcement, practical training, and realistic expectations. Employees cannot remain at high alert indefinitely; instead, organizations should use training cycles that maintain awareness without causing fatigue.
Conclusion
The current cybersecurity landscape for retail IT is shaped by evolving attacker techniques, rising operational pressures, and stricter compliance demands. To stay secure in 2026, retail IT leaders must double down on fundamentals, prepare staff for AI-enhanced social engineering, strengthen documentation and compliance processes, and design workflows that support secure decision-making.
By focusing on these priorities, the retail technology channel community can significantly reduce risk and build a more resilient security posture in the year ahead.
