What a steal! How retailers can protect customer data from cybercriminals
Recent Salesforce research shows 52 percent of consumers expect their offers to be personalized. To create these tailored offerings and drive a seamless customer experience, retailers gather vast amounts of personally identifiable information (PII) -- from addresses to purchasing history and payment information. This makes them an irresistible -- and relatively low-risk -- target for cybercriminals. As a result, data breaches within retail are increasingly common, even for major retailers -- as we saw earlier this year with the JD Sports data breach, which exposed the PII of around 10 million people.
To help protect consumers, governing bodies are putting increased pressure on companies to comply with data protection rules -- including the UK’s upcoming Data Protection and Digital Information Bill. Consumer trust is key when it comes to retail too. Companies unable to protect their customer data therefore risk not only enormous fines, but also significant damage to their brand reputation. So, following recent high-profile retail breaches, how can brands protect their customers’ personal data?
A rapidly growing attack surface
When it comes to online shopping, customers want to be confident that their PII is protected. But as retailers harness new data-driven technologies to boost sales and drive efficiency -- often leveraging a hybrid and multi-cloud infrastructure -- their attack surface rapidly expands. This gives innovative hackers more opportunities to infiltrate the network or cloud, where they can deploy increasingly technical and sophisticated attacks that are largely unseen and unknown to the security team.
Not only are retailers more vulnerable due to an expanded attack surface, but security teams are now operating in a 'spiral of more'. Today, data and applications are spread across multiple public clouds, datacenters, and SaaS applications. This means more identities, more vulnerabilities, and more blind spots. As a result, attackers can be even more evasive than before as they exploit, progress, move laterally and escalate privileges -- which ultimately leads to more breaches.
On top of this, companies now have more security tools. This means more security analyst training is needed to manage more alerts being generated. The typical response to this has been to create more rules in security technologies and do more tuning to reduce false positive alerts. But this puts even more pressure on security teams who are now drowning in alerts and also constantly tweaking their security tools. As it becomes increasingly difficult to keep pace with attackers moving across the organization’s hybrid and multi-cloud environment, this spiral of more keeps feeding itself until security teams become completely burnt out and quit.
What cybersecurity countermeasures can retail security teams take?
As the global cybersecurity skills gap remains at an alarming 3.4 million people, there’s an obvious limitation on security resources, especially in the hybrid, multi-cloud era. One of the catalysts for unknown attacks remains security analyst workload -- and a lot of that work is focused on administration over attack mitigation and remediation. Retail security teams need to make fast decisions to address the growing attack surface efficiently and effectively, but they cannot do so if they are focused on admin instead of attackers. The good news is there is a way to break the spiral of more -- to shift analyst time from tool maintenance to attack defense.
Firstly, retail security teams need to leverage AI technologies to automate threat detection, including triaging and prioritizing threats. This will ensure that -- when attackers target your cloud data or SaaS environments -- security tools can spot the signs of malicious activity and send meaningful security alerts to your security team. This improved level of attack signal intelligence enables retail security teams to correlate and prioritize the most critical and urgent threats specific to their unique environment. In fact, IBM’s Cost of a Data Breach 2022 report cites AI and automation as offering the biggest advantage, stating that "organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t."
Secondly, retailers must evaluate and optimize their security model. This includes asking whether they have the resources to keep 24x7 security monitoring in-house, or if they need ways to augment some of the work. For some, it may be more efficient to deploy a Managed Detection and Response (MDR) model, where external security experts work alongside the retailer to augment their in-house security team. Retail customers use MDR for different reasons depending on the nature of their environment. But MDR is often used to help address challenges like a lack of skilled talent, analyst burnout, threat hunting and investigation, or security platform optimization -- ultimately enabling retailers to share the responsibility of security with a team of skilled professionals.
Shop till you stop (attacks)
Retailers can prepare for common security threats through tried and tested procedures, but to be prepared for 'the unknown' attack, they must adopt an effective detection and response strategy. By improving threat visibility, and focusing on boosting attack signal intelligence -- i.e., the accuracy and efficacy of security alerts -- organizations can drastically increase their cyber resilience. Such a strategy will identify suspicious activities and the sorts of behaviors that an adversary will exhibit as part of an unfolding attack -- whether they occur in the cloud or on the corporate network -- stopping attacks before cybercriminals can pinch customer data.
Mark Wojtasiak is Vice President of Product Strategy at Vectra.