ISJ Exclusive: A trusted partner for year-round threat protection

ISJ May Edition Exclusive

Rick Jones, CEO and Co-Founder, DigitalXRAID explains why retailers need proactive cybersecurity.

It’s clear that the retail sector has become a key target for cyber-criminals. Recent high profile breaches are the latest in a string of cyber-attacks across the industry – these incidents have resulted in the theft of employee and customer data and have even forced one company to shut down its online operations.

In this environment, cyber-attacks are no longer an ‘if’ but a ‘when’ for retailers who urgently need to find ways to proactively bolster their cybersecurity and mitigate against the growing cyber-threat to their industry. And with cyber-attacks on big brands typically making news headlines, it’s vital businesses of all sizes in the sector do the same.

The good news, however, is that there are measures organisations can implement to improve their frontline defences, maintain good cyber hygiene and support IT and security teams with threat monitoring and remediation.

Why retailers are vulnerable

A number of factors are contributing to the growing frequency of data breaches in the industry. The economic environment and the way of doing retail business has shifted in recent years. Catalysed by the pandemic, the sector has digitalised and increased its migration to e-commerce in an effort to attract shoppers and drive business. Simultaneously, this has expanded the attack surface for bad actors to exploit. The introduction of online buying options, as well as contactless payment, has compounded the issue and made it difficult for retailers to protect sensitive customer data.

In the current economic climate, retailers are operating on tight budgets, with high inflation and the cost-of-living crisis reducing customers’ ability to shop and spend. Dedicating sufficient resources to improving cybersecurity is therefore a significant challenge – especially for smaller organisations with even less investment to work with – all while IT and security teams are likely already overworked as the cyber skills gap in the UK grew by over 70% last year. The retail sector in particular is also still permeated with legacy systems that are more difficult to maintain, update and protect; frequent mergers and acquisitions (M&A) across the sector require teams to integrate disparate systems.

Taken together, the retail industry has become low-hanging fruit for cyber-criminals, who are leveraging various threat vectors to gain access to brands’ IT environments. And, the more successful breaches that occur, the more lucrative this industry appears – and the more these businesses will be exploited by hackers.

Frontline protection

For any organisation, people are the first line of defence against potential data breaches. The rise of phishing is proving successful for cyber-criminals, with malicious emails sent to employees in the hope of gaining access to the organisation’s systems and IT infrastructure. Yet, the Department for Digital, Culture, Media & Sport’s (DCMS) 2022 Cyber Security Breaches Survey found less than 20% of retailers and wholesalers have had training or awareness sessions on cybersecurity in the previous 12 months. Not only does the value of cybersecurity need to be instilled in employees, but the importance of cybersecurity training must be understood and implemented across organisations.

Fundamentally, training and awareness programs help to promote a security-first mindset across an organisation – from the shopfloor to the boardroom. Conducting frequent cybersecurity awareness training with a ‘little and often’ approach is advised, covering best practice like how to use strong passwords, keep devices secure and recognise phishing attacks.

Regular phishing simulations are effective for helping employees defend against social engineering attacks. By testing employees’ awareness and ability to identify suspicious emails and links, simulations educate staff on the dangers of social engineering and what to do if they receive a suspected phishing email. They also help employees recognise tactics used by cyber-criminals. Measuring the results of phishing simulations and other cybersecurity awareness training programs is important for retail organisations to understand where staff need more support to ensure cybersecurity is kept front of mind 24/7/365.

Defence in depth

Although awareness training and simulations are a vital element of any mature cybersecurity strategy, humans are fallible. There is always a chance that a cyber-criminal slips through an organisation’s frontline defences. Retailers therefore must also work proactively to ensure depth of defence and reduce the chances of a hacker deploying harmful malware or accessing customer and employee data even if a malicious link is clicked. Good cyber-hygiene, strong encryption, privilege access management and multi-factor authentication are all crucial factors for better protecting information like contact and payment details.

It is also vital to have an incident response (IR) plan in place if the worst happens, including steps for identifying the attack, containing the incident and restoring systems, which can all reduce critical downtime for retailers. An IR plan should also cover communication with customers and employees. Suffering a cyber-attack can cause reputational damage to a brand, but staying silent when a breach occurs only exacerbates the issue – customers need to be informed and proactively preparing for this eventuality can help reassure those potentially affected by a breach.

However, to really put themselves in the best defensive position against the expanding threat landscape, engaging with a trusted security partner is one of the best ways retailers can bolster their cyber-resiliency and reduce the likelihood of a breach. Security partners can offer independent advice and conduct vulnerability scans and penetration testing to identify unknown weaknesses in security posture, giving in-house teams the time and support necessary to remediate vulnerabilities.

Ultimately, for those attacks that do sneak through, introducing a managed service like a security operations centre (SOC) will allow for a more holistic approach towards proactive cybersecurity protection for retail businesses. Incorporating 24/7 threat detection, dark web monitoring and log management, SOCs leverage Intrusion Detection (IDS) and SIEM-based logging, which are both essential to provide real time visibility for SecOps teams.

Looking ahead

In a climate where retailers require a strong online presence to remain profitable, finding ways to proactively strengthen their cybersecurity posture is vital. As the first line of defence, investing in awareness training and phishing simulations for staff is invaluable in helping to promote a strong security culture across the business and mitigating against increasingly frequent and damaging phishing attacks. And, for when incidents do occur, ensuring sufficient depth of defence has been proactively implemented is critical, including good cyber-hygiene and IR plans.

Falling victim to a cyber-attack can be fatal for a retailer, with disruption and downtime posing both financial and reputational threats to brands. To best reduce the likelihood of a data breach and minimise the potential damage of a successful attack, working with a trusted security partner to ensure year-round threat monitoring, detection and remediation is an increasingly popular option for retailers. Outsourcing to a SOC brings together the aggregate value of experienced security experts and delivers return on investment for retail businesses’ limited cybersecurity budgets.

This article was originally published in the May edition of ISJ. To read your FREE digital edition, click here.