By: Mark Cline, Vice President at Netsurion
With today’s business uncertainties and evolving threat landscape, retailers and their supply chain must adapt to unpredictable consumer demand, shrinking margins, labor and skill shortages, and the ever-present risk of cybersecurity threats. The Identity Theft Resource Center reports that the average costs of a data breach is now $8.2M plus the impact of damaged brand reputation, customer trust, and employee loyalty. As a trusted advisor, you face the challenge of improving protection for retail establishments and their ability to integrate new digital technologies. While there is no silver bullet, there are actions that can deter cybercriminals, improve compliance, and enhance cybersecurity maturity for you and your end customers. Take proactive steps now to boost your threat protection and compliance management.
Why Hackers Target the Retail Supply Chain
Many retailers fail to think of themselves as targets, viewing their organization’s footprint and brand as too regional to attract cybercriminal attention. As part of a supply chain built on maintaining customer trust and avoiding negative publicity, you are also at increased risk. For hackers, every organization is a target. Furthermore, a compromise in one point of sale (POS) system can propagate to other global customers, creating a chain reaction if not adequately mitigated. Persistent adversaries often target specific industries or vendor systems to find the “weakest link” to efficiently exploit.
Boost Your Cyber Defenses
Staying competitive and profitable in this challenging environment requires a blend of people, process, and technology. Here are some critical recommendations that won’t break the bank for retail technology providers and the customers you protect:
- Focus on cybersecurity fundamentals.
Don’t forget basics that are low hanging fruit for attackers. Use network segmentation to partition customer networks to limit the “blast radius” and ease restoration after a potential cyberattack. Avoid default settings on devices that represent the first path that hackers will try. Finally, rapidly apply security patches when they are released, especially for public websites and applications. According to Ponemon Institute, 60 percent of data breaches are caused by a failure to patch known vulnerabilities. It doesn’t take a sophisticated hacker to exploit bugs in well-known devices and applications.
- Prioritize threat remediation to the most significant retail threats.
Your customers may uncover hundreds of vulnerabilities after a scan or penetration test. You can use the Common Vulnerability Scoring System (CVSS) to rank the relative severity of publicly known software vulnerabilities. Map the prioritization to each customer’s specific infrastructure and risk profile. Prioritize these vulnerabilities based on asset value and weaponization – the process cybercriminals use to attack their victims. Also, avoid false positives or less likely threats that waste valuable time by working with cybersecurity analysts who offer real-world remediation advice.
- Elevate cybersecurity to gain executive involvement and funding.
A recent Gartner study finds that the evolving threat landscape is the top concern for security and risk leaders. Involve executives of your customer organizations in planning and risk management as cybersecurity is not just an IT issue. Help your customers stretch their budgets with comprehensive threat management and a defense-in-depth solution that saves time and money. Security technology and solutions don’t have to be complicated or intimidating. As a retail industry role model, you can also lead by example, implementing the people, process, and technology to protect your own organization more fully.
- Augment your staff and expertise in light of the cybersecurity skill shortage.
The global shortage of over 3 million security professionals has created a cybersecurity staffing crisis. According to Cybersecurity Skills Gap Survey, almost 60 percent of organizations state that the staffing shortage impacts their risk posture. If you could hire a cybersecurity expert, retaining them over time becomes an even more significant challenge as larger enterprises woo staff away. A managed cybersecurity solution offers an affordable and flexible approach for service providers to scale up quickly and help end-customers better protect infrastructure and sensitive data. - Connected devices add business opportunities as well as threats.
New digital shopping experiences require protecting transactions and data with full monitoring and visibility. Technology has transformed customer engagement, enabling today’s approaches such as curbside POS, digital signage, and expanded Wi-Fi coverage for line busting in the drive-thru. But the risk of vulnerabilities increases with every new type of device that connects to the retail network. POS ransomware threats are rising as cybercriminals use them to disable POS systems. With few options, companies may be willing to pay large sums to get systems back online. Traditional security approaches like firewalls alone are insufficient against modern malware and well-armed attackers.
LOOKING AHEAD
Financially motivated threat actors are an increasing threat to the retail industry, from crippling ransomware to data theft to stolen gift cards. Offer your customers a more simplified and agile experience while helping organizations better predict, prevent, detect, and respond rapidly to cybersecurity threats. Also, better security makes Payment Card Industry Data Security Standard (PCI DSS) compliance easy and efficient. Enhance visibility into advanced security threats with 24/7 monitoring, threat correlation, and user behavior analytics to elevate your security posture and speed time to detection. While retail data breaches are costly, remediation solutions need not be expensive or time-consuming.