Retail's Digital Revolution and the Challenges of Keeping Data Safe

In this digital age of retail, hackings and data breaches have become part of the normal course of business. The retail industry gathers and stores an abundance of customer information, from credit card numbers to home addresses, email addresses and phone numbers. This data, when compiled, can be very valuable, incentivizing cyber criminals to infiltrate retailers’ systems.

As thousands of connected devices now perform transactions, move supply chains and manufacture goods, retailers are struggling to remain ahead of cyber threats. While it's certainly not alone, Amazon.com's recent breach demonstrates the constant struggle for retailers to keep pace with hackers in today’s technological landscape.

Like every industry, retail needs to stay ahead of the evolving threats and make cybersecurity a priority to secure both their company and their customers’ data. Taking the proper steps to guard this sensitive information can be costly, but in the long run will not only save money, but also limit the opportunity for consumer distrust that stems from any breach. There are numerous ways hackers can penetrate retailers’ data centers, including in-store point-of-sale systems, e-commerce sites or employee mobile devices. An unsecure network may leave many companies vulnerable to an attack, especially with the increased adoption of mobile and IoT technology in the manufacturing, storage, sales and shipping processes.

Hackers’ Motivations and Methods

This past year, approximately three out of four breaches were financially motivated, and credit card numbers are only part of the personal data that cyber criminals leverage for compensation. But credit cards are the gateway for this access — if cyber criminals act quickly, they can evoke fraud through gift card purchases and returns.

Since 2016, Payment Card Industry (PCI) compliance has been the most widely used standard for regulating financial data, but it doesn't govern names, addresses or purchases — all of which are typically saved for rewards programs or mailing lists. As a result, cybercriminals often bypass PCI-protected data in favor of a softer target: personally identifiable information. This data can be leveraged to exploit loyalty programs and carry out online fraud due to the lack of regulation.

How to Stop a Breach Before it Happens

Effective digital identity management enables retailers to secure access to business-critical data and devices, strengthen PCI compliance, and adopt digital transformation without compromise to consumers.

Before creating a strategy, businesses must first scan their website for vulnerabilities that could lead to point of entry for hackers. It’s important to look for holes within domain providers in order to better understand where data could be exposed. Administrative portals, which can be accessible by the public, are often vulnerable and increase the risk of exposure. Additionally, a simple password policy ensures that employees don’t keep using default settings that can be monitored and hacked.

Once businesses determine where they could be exposed, they must audit their current roster of digital certificates. Expired keys and certificates can quickly lead to the same problem caused by hackers: a systemwide outage. It's important for businesses to know where they stand by updating certificates in order to secure identities and prevent a breach of customer information. One way to stay ahead of certificates and keys is automation, which can help prevent crucial oversights caused by human error. Investing in automated digital identity management will help retailers get ahead of the cyber warfare that will only continue to wreak havoc on the industry. Retailers will be able to secure keys and certificates at the speed and scale required, leaving hackers unable to get into their systems.

Kevin von Keyserling is CEO and co-founder of Keyfactor, the market leader in digital security management for numerous Fortune 500 companies.