Walmart's cybersecurity: Don't try this at home
It seems that every week we hear of another cybersecurity breach. This year, organizations of all shapes and sizes, including Apple, T-Mobile and Uber, among many others, have fallen victim to malicious crimes, and data breaches are costing U.S. businesses millions of dollars.
The emerging digital ecosystem has made every company a target, and as a result, organizations are investing in a range of cybersecurity measures to mitigate threats and enhance resiliency and recovery. As cybercriminals continue to evolve their tactics, it’s becoming increasingly challenging for organizations to keep up with the latest security measures. This highlights the need for ongoing cybersecurity investment and a proactive approach to threat detection and response. The question is, what are these measures, and is there a one-size-fits-all approach? Let’s explore.
The case of Walmart
Earlier this year, Walmart gave an exclusive look at their security operations -- a riveting initiative for the multinational company as they showcased the lengths enterprises must go to remain secure in today’s digital age.
The company says that they protect their global reach with a security operations center that runs 24/7/365. Teams in Bangalore work with their U.S. staff to keep an eye on the company's digital infrastructure and always respond to possible threats. With over 20 years of experience, the company exhibits many cybersecurity best practices, including:
- Defense in depth: a technique where a series of security mechanisms and controls are thoughtfully layered throughout a network to secure the network's confidentiality, integrity and availability.
- Non-siloed security teams: Security teams work together to collaborate across different areas of security, bringing together security professionals from different backgrounds, including software engineers, system administrators and IT auditors.
- Forward-looking security research: Walmart’s team is continuously looking to uncover how threat actors are pivoting, so that it can remain agile against new attack approaches.
- Alignment with standards and associations: working in line with privacy legislation and following regulatory compliance to set the standard for privacy and security.
Today, Walmart can block 8.5 billion malicious bots in a single month. While the company’s approach is impressive, it's a hard one to emulate. Although the company doesn’t disclose how much money is allocated to cybersecurity or the headcount of its expansive team, few organizations have the monetary capacity to function on such a large scale.
Let's look at a real-world approach that can work for other companies.
A real-world security-first approach: the power of Zero-Trust access
One thing is clear: defense is a proactive effort, and nothing across an organization’s network can be left to chance. The goal of a cybercriminal is to make money by encrypting systems to get a ransom payment or by getting personal information (like names, passwords, personal records, etc.) to sell on the dark web. The reality is that the human element is the most common threat vector and was the root cause of 82 percent of data breaches last year -- making it the most vulnerable and the most important to protect.
Modern strategies can protect organizations from human-focused attacks like phishing and credential theft without relying only on traditional perimeter defenses. The following steps can ensure companies are better protected:
- Align security protocols to the way people work and your highest-risk use cases. Leaders should implement a tiered access system for the highest-risk use cases. This involves assigning different levels of access to individuals depending on the level of risk associated with the use case. For example, a C-Suite executive will have access to all sensitive data, compared to a third party that is only joining the network to work on a very specific task. What really differentiates these two personas is the risk they bring to the organization. Simply put, a third party that potentially doesn’t have the same controls or processes poses a higher-than-average level of risk. With protocols that limit network access, organizations can also limit the risks they let in.
- Implement strong identity and access management measures. Identity and access management systems can be used to ensure that only authorized users have access to specific resources and data, which reduces the risk of data breaches. Zero-trust access, for example, requires users to verify their identity before they can access any system or network -- it is set up to not trust anyone, not even vendors.
- Review access policies to ensure the right level of access for people. Access privileges should be assigned based on job role and organization policy. One way of doing this is having administrators create user accounts with varying levels of access to limit network access to files, applications and other resources.
Altogether, these steps can help prevent unauthorized users from gaining access to sensitive data by giving security and IT teams visibility and control over the data that flows across a company’s cloud, network, system and applications.
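The three steps above can be sketched as a deny-by-default access decision plus a periodic access review. This is an added example, not code from the article or from any product; every role, persona, tier and resource name in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy: role -> resources that role may reach (hypothetical names).
ROLE_POLICY = {
    "executive": {"finance-db", "hr-records", "crm", "build-server"},
    "engineer": {"build-server", "crm"},
    "vendor": {"build-server"},
}
# Sensitivity tier per resource (3 = most sensitive) and the highest tier each
# persona may reach. Third parties are capped low because they carry more risk.
RESOURCE_TIER = {"finance-db": 3, "hr-records": 3, "crm": 2, "build-server": 1}
MAX_TIER = {"employee": 3, "third_party": 1}

@dataclass
class User:
    name: str
    role: str
    persona: str                               # "employee" or "third_party"
    grants: set = field(default_factory=set)   # what the account actually holds

def decide(user, resource, identity_verified):
    """Deny by default; every check must pass on every request."""
    if not identity_verified:
        return (False, "identity not verified")
    if resource not in RESOURCE_TIER:
        return (False, "unknown resource")
    if resource not in ROLE_POLICY.get(user.role, set()):
        return (False, "role not entitled")
    if RESOURCE_TIER[resource] > MAX_TIER.get(user.persona, 0):
        return (False, "exceeds persona tier")
    if resource not in user.grants:
        return (False, "no grant on account")
    return (True, "allowed")

def review(users):
    """Access review: list grants an account holds that policy does not permit."""
    findings = {}
    for u in users:
        allowed = {r for r in ROLE_POLICY.get(u.role, set())
                   if RESOURCE_TIER[r] <= MAX_TIER.get(u.persona, 0)}
        excess = u.grants - allowed
        if excess:
            findings[u.name] = sorted(excess)
    return findings

# Constructed sample accounts.
CEO = User("ceo", "executive", "employee", {"finance-db", "crm"})
VENDOR = User("acme-contractor", "vendor", "third_party", {"build-server", "crm"})
```

Running `review([CEO, VENDOR])` surfaces the vendor's leftover `crm` grant, the kind of drift a policy review is meant to catch before it is used.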
A path to overcoming adversity
The growing number of data breaches has heightened the urgency of implementing data protection. As organizations look to establish intense protocols, the case of Walmart can be used as an example of best practices. However, as discussed, a security approach that can be implemented by organizations of all sizes is what most companies need.
Next-generation security technologies enable organizations to attain a cost-effective model that provides high-level security and visibility while helping mitigate cyber threats and protect their infrastructures from data breaches.
Almog Apirion is the CEO and co-founder of Cyolo, the first true Zero-Trust Access solution. In 2019, Almog and two of the world’s leading ethical hackers, Dedi Yarkoni and Eran Shmuely, founded Cyolo after realizing the need for organizations to easily and securely make their apps -- legacy, custom, cloud, etc. -- available from anywhere to employees and third parties. Almog spearheaded a Series B funding round of $60 million in 2022, raising Cyolo's total capital to $85 million. He is currently leading the growth of Cyolo's leadership and expediting the global expansion of its Zero-Trust Access solution.