Remember when a retail transaction was as simple as going to a store, selecting your items off the shelf, bringing them to a cashier, and making your payment in cash or check?
Those days are long gone.
The Security Risks of Digital Transformation
Almost every retail transaction is significantly more complex and involves some level of personal customer data. Retailers are using advanced analytic tools to gather information on customer behavior, both online and in-store. These strategies allow retailers to optimize product assortment, placement, and pricing in-store to drive profits. Online, analytics are used to maximize digital merchandising effectiveness. Of course, most transactions now take place using payment cards, which hold our most critical data — account information.
This raises the question: How do retailers go about protecting the data they now rely on?
They need to ensure they maintain confidentiality, integrity and availability, also known as the CIA triad.
- Confidentiality: Only authorized personnel should have access, and only to the data they need.
- Integrity: Data should be securely transmitted and stored, and no one should be able to tamper with it.
- Availability: Authorized personnel should have access to the data whenever needed.
By the Numbers
According to a 2018 report from Thales, 50 percent of retailers experienced a data breach, and this was before the pandemic drove an online shopping boom. In fact, CSOonline suggests that phishing attacks, resulting in compromised usernames and passwords, account for more than 80 percent of security incidents. Meanwhile, Digital Shadows notes that compromised usernames and passwords have risen by 300 percent since 2018. This data suggests that many organizations fail to meet the expectations of the CIA triad, impacting their security posture and leaving them vulnerable to future threats.
Protecting the Consumer and Retailer
Retailers should look holistically at their end-to-end network, whether considering customer analytics or transactional data.
Multifactor authentication (MFA) is a great starting point to protect consumers. In addition to user credentials, MFA requires additional steps to log into accounts. This may include a code sent to a trusted device, or biometrics. This ensures that the user is who they say they are and, with appropriate access controls, can access only the data they should have access to.
While protecting the consumer online, this same technology protects retailers, too. Retailers increasingly use handheld devices to make associates more productive. Leaving one unattended may accidentally give a hacker access to data or provide them with an opening to attack the broader store network. MFA should ensure they cannot gain access.
The same holds true for non-store-based employees. Hybrid work has expanded our technology footprint beyond the four walls of a corporate location. Appropriate access controls make sure that a trusted user can access appropriate data from a trusted location. All it takes is one weak link for a vulnerability to become an intrusion.
Availability is an area of the CIA triad that's frequently overlooked. Any number of issues may prevent or degrade service availability, including cyberattacks. Application Performance Management (APM) proactively monitors, detects and responds to potential issues in availability before they impact a user. This provides consistent, reliable experiences for both consumers and associates.
Adapting to a Changing Landscape
Every organization bears a responsibility to protect its customers’ data. Cybercriminals will always look for new ways to get inside a network. A breach could ultimately result in damage to the brand, lost revenue, and loss of consumer trust. By adopting a zero-trust approach and implementing some basic cyber-hygiene, retailers can securely support future innovation, while being agile and responsive to changing business needs.
Mark Scanlan is the global retail lead at Cisco, a provider of networking, cloud and cybersecurity solutions.