Every September sees fashion week season swing into gear. From the catwalks of Milan to London, a range of retailers compete to showcase the best designs and the rising talent behind them.
But the word ‘retail’ has not been so fashionable of late, especially on the UK high street. From major closures such as House of Fraser through to damaging data breaches at the likes of Superdrug, it would seem that there has never been a more challenging time for the sector. Now, more than ever, retailers have to enhance their IT infrastructure to keep up with changing customer demand, without compromising on security.
So, how can this be done in today’s competitive and customer-centric climate?
Privileged access management on the front row
As in-store retailers offer a more digitised ‘retail theatre’ experience and online retailers expand their offerings, privileged access security has to protect everything from front-end devices such as tills to the back-end IT infrastructure. The Internet of Things (IoT) and the rapid adoption of cloud services are bringing a whole new threat landscape to the shopping experience. In-store retailers are increasingly looking to emulate the ‘Amazon effect’ in their stores, where customers can use phones as coupons to pay, or where sensors and smart beacon technologies can predict whether a shopper is going to make a certain purchase or not. With a greater proliferation of devices, and more data now stored in a shop, there are more ‘ways in’ for savvy hackers to infiltrate the network. For online retailers, the challenge remains to stay one step ahead when it comes to safeguarding customer data. To stay secure, retailers must invest in privileged access security to assist in constantly monitoring networks for cyber threats such as malware, ransomware or phishing scams.
This needn’t be a daunting task and can be broken down into manageable steps. Firstly, retailers must look to eliminate irreversible network takeover attacks as far as possible. Secondly, it is essential that on-premises cloud infrastructure accounts are controlled and secured. To do this, retailers must vault all well-known infrastructure accounts and automatically rotate passwords periodically after every use.
Taking these first steps is of increasing importance, especially in the online retail sector, where brands are entrusted to store more data, such as credit card details and addresses, than ever before. Finally, take a leaf from other sectors. Many businesses across a range of industries, from banking to manufacturing, are hiring a team of ethical hackers to test critical systems continuously. To protect against hackers, you have to think like one, continuously.
These tactics have to take front row if retailers want to stay one step ahead and keep critical customer data safe.
Designing new mindsets
Before new privileged access security measures are implemented, however, education has to take place. A recent Accenture study showed that 70% of 2,000 UK employees who received cyber security training felt that it enhanced their ability to recognise potential threats and motivated them to be more vigilant. Empowering employees to understand the new threat landscape has to be front and centre. But it also has to go one step further, to rewarding employees for spotting any potential threats, and this is where retail needs to progress. Our own statistics from CyberArk’s annual Threat Landscape report revealed that only 39% of IT decision makers working in retail would reward employees who helped to prevent a security breach in 2018. This lags behind IT & telecoms at 62% and healthcare at 42%.
How can these mindsets be changed? Typically, the retail sector has lagged behind other sectors, as it often employs IT contractors rather than in-house staff who can be upskilled and trained in cyber security best practice. The fight against cyber-attacks has to involve all employees, from the staff on the shop floor (who are now interacting with analytics-based technology more than ever) to the chief technology officers behind major online brands. Basic training in ‘cyber hygiene’ is crucial to ensure that all employees are equipped to deal with cyber-attacks before they happen and do not let malicious hackers into the network.
This fashion week season, retailers must take steps to refresh their cyber hygiene and ensure that they keep the negative headlines at bay. Delivering an innovative and differentiated customer experience at pace is critical for high street survival today, but ensuring robust security is just as important and shouldn’t be an afterthought. Consumers will only place complete trust in the retailers that take the strongest measures to safeguard their data. Those retailers that stay in fashion will be those that see technology as an enabler for ‘good business’ and place strong cyber security at the heart of the shopping experience.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.