Don’t look now, retailers, but your security may not be showing
- Posted on October 27, 2021
The list is long, with frighteningly familiar retail names on it from all over the world (Target, Macy’s, Saks Fifth Avenue, Home Depot, Whole Foods, Wendy’s, Chipotle, Coop Sweden). All these organizations have had security breaches. And in 2021 the list continues to grow (Bonobos, Kroger, Hobby Lobby, CVS Health, Carter’s, Wegmans). An all-too-familiar scenario is what happened to the fashion retailer Guess, which announced over the summer that it had been hit by a ransomware attack from an unauthorized actor, leading to data theft. Its breach notification statement to customers stated that “the investigation determined that Social Security numbers, driver's license numbers, passport numbers and/or financial account numbers may have been accessed or acquired”. Guess was quick to point out that it was cooperating with law enforcement to investigate the incident, and that it had implemented additional security measures to boost its security protocols.
Drawing on Forrester research for confirmation, my colleague Wil Klusovsky pointed out in a recent blog post that retailers are suffering from a lack of in-house security skills. They just can’t keep up with the constantly evolving and maturing techniques that hackers use to break down security walls. Retail organizations need to handle upcoming threats from:
- Connected environments: New shopping habits and scenarios mean many more touchpoints along the customer journey, each bringing its own complexities and exposing risks.
- Expanded use of data: With cloud computing, IoT, digital twins and smart devices, data now sits in a distributed network, giving hackers so many more opportunities to find weak points along the way.
- Broader ecosystems: Third-party selling, marketplaces, closer collaboration with external companies (3PLs, technology companies, etc.)
Add to that the legacy systems that a lot of retailers are using (and that are very difficult to secure) and you have a situation that is more about when a breach will happen than if a breach will happen.
Avanade is doing its part to raise awareness about the importance of cybersecurity. This year, in addition to being named the 2021 Microsoft Global Alliance SI Partner of the Year for the 16th time, we have been named Microsoft Security 20/20 Winner for Zero Trust champion—SI.
But security is a constant for us, with a continuous focus on how we can help retailers (and their customers) put security first and fight back against the cybersecurity scourge. Here are a few ideas from our retail security team on how to set the right tone for your organization:
- Infuse a security mind-set into the culture of the organization, by evolving the role of the CISO, making sure the next-generation CISO is business adept as well as tech-savvy.
- Harden and protect retailers’ core assets. Become brilliant at the basics by hardening and protecting your core hardware and software assets.
- Adopt a “protect and partner” approach. Use a data-driven and advanced threat intelligence approach to better anticipate potential attacks and develop more proactive cyber resilience.