How Tuesday Morning Improved Security Without Restricting Business Operations
Retailers have long been top targets for cyber adversaries given their data-rich environments. But now, cybersecurity threats have become an even bigger concern. Throughout the pandemic, retailers have doubled down on e-commerce to maintain business continuity and meet growing consumer demands for personalization, speed and choice. This rapid shift means some retailers are processing and storing even more sensitive customer data without the proper compliance and cybersecurity best practices in place. That’s a risky move given what breaches cost retailers: brand reputation, revenue and customer loyalty can all be severely impacted.
It only makes sense that as part of this digital business model, retailers must rethink their cybersecurity efforts and leverage a security platform — one with world-class threat intelligence at its core. Tuesday Morning, a national retail chain established in 1974 that specializes in selling high-quality and designer brand closeouts at discounts, has demonstrated how retailers can improve their security posture without restricting business operations.
Like many businesses, Tuesday Morning faces frequent threats such as ransomware, phishing and other malicious attacks. With thousands of people visiting its stores every day and thousands of endpoints handling its business operations, the company’s threat surface is particularly broad.
Tom Sipes, director of IT security and compliance at Tuesday Morning, had been tasked with maintaining a focus on business continuity while securing the company’s 5,000 employees and millions of customers across 490 stores. But 18 months ago, Sipes inherited legacy security tools.
“Our security posture wasn't bad, it was just that a lot of stuff was cobbled together because of spending limitations and challenges like the pandemic,” he said.
For Sipes, one of the main reasons for choosing the CrowdStrike Falcon platform was to ease the burden of handling security manually. “Our security team is small,” said Sipes. “The solution we needed had to be manageable, functionable, and something that I could operate automatically and still have the confidence that everything would be protected.”
CrowdStrike has transformed the way Tuesday Morning manages security, from reducing costs and workload to increasing visibility, streamlining operations and improving protection. Tuesday Morning did a cost/benefit analysis on CrowdStrike and, with no staff changes, is forecast to save $250,000 in the first year and $500,000 over the next three years based on efficiencies.
Alongside cost savings, CrowdStrike delivers significant security and operational improvements. “In security, we're always reacting to an event,” Sipes explained. “What CrowdStrike does is what I call ‘proactive reactive.’ We can now get very close to the time of the attack, so that we're almost executing the kill chain as soon as the event happens.”
Sipes cited one example when an engineer was upgrading some software and inadvertently downloaded information that contained malicious code. Within two seconds, the CrowdStrike Falcon platform detected the code. Within eight minutes, it had stopped the incident.
“The only thing the developer knew was the installation stopped for about 10 seconds while the malicious code was removed,” Sipes said.
Critically, neither Sipes nor his security staff needed to intervene. “I was sitting at home in the morning drinking a coffee and noticed an email alert,” Sipes said. “I pulled up the dashboard and watched the entire kill chain as CrowdStrike dealt with the incident automatically. I see potential attacks, but CrowdStrike stops them.” For example, Sipes said, Falcon Identity Threat Protection extends “our existing multifactor authentication (MFA) to legacy on-premises apps to help stop lateral movements — attacks are being contained and I don't need to take action.”
Falcon Identity Threat Protection not only integrated seamlessly with Tuesday Morning’s existing MFA solution, but also extended this MFA to protect legacy on-premises applications that were developed internally. This was achievable without requiring any additional configurations or customizations to these existing legacy applications — enabling protection with risk-based MFA tied to the appropriate security policy. Users across the business also are seeing minimal disruption.
Another common problem across retailers is the burden of mundane security tasks and maintaining compliance. Sipes and his small team oversee the cybersecurity of 5,000 staff. With CrowdStrike, they're able to do a lot more.
“One of the biggest benefits of CrowdStrike is taking away the need to look at consoles, search for malicious code or analyze incidents,” Sipes said. “Instead, CrowdStrike enables us to focus on more important work and taking the business to the next level. CrowdStrike gives us a great work/life balance and, in terms of improved productivity and adding value to the business, the difference is night and day.”
As retailers are thinking about securing their shopping experiences, they need to consider how best to protect their inherently broad attack surface. Cybersecurity solutions need to be manageable, functional and easy for IT and security leaders to operate automatically with confidence that all assets will be protected. Leveraging a security platform is crucial to business continuity, digital transformation efforts, and customer loyalty.
Eran Cohen is director of product management, identity at CrowdStrike, a global cybersecurity leader with an advanced cloud-native platform for protecting endpoints, cloud workloads, identities and data.