This is an archived article -
we have removed images and other assets but have left the text unchanged for your reference
In some ways, you have sympathy for CIOs of retailers. The sector has some of the most advanced and streamlined companies on the planet, the intense competition between large rivals and the constant pressure of hopeful, innovative smaller players has led to an industry-wide obsession with staying on the cutting edge of technology. With more and more business being conducted online, this love-affair with technology is unlikely to decrease over the next decade.
The retail industry may still be reeling from the number of high profile retail security breaches including Home Depot, JP Morgan and Target, but one thing is clear: data security is very much front and centre with retailers, who are looking at ways to improve security and protecting critical customer data in 2015.
Why were so many (especially physical) retailers hit hard over the past 12 months? Some have speculated that hackers increased their wave of attacks ahead of the US’ 2015 plans to shift to chip-and-pin technology, which intends to pave the way for more secure credit and debit card payments. This created a sense of urgency to exploit major retailers whilst it was still possible. This may indeed be the case, but it’s a non-issue for online-only based retailers and will soon be a ‘patched’ opening for their physical counterparts.
What’s more concerning to internet retailers is that they are being perceived as high-value and somewhat ‘soft’ targets – both for the customer data they retain and for their high priority on business efficiency versus carefully maintained security practices.
In any case, these breaches have put security at the top of nearly every retail executives’ list of priorities. They know now that they are on cyber criminals hit list, so what should they be doing in 2015 to prepare for the worst?
Close the SecOps gap
Security and IT Operations teams (SecOps) within organisations have traditionally been siloed functions making it difficult to quickly identify and respond to potential vulnerabilities. This siloed structure undermines efforts around security and compliance, and puts an organization at risk for attack. Bridging these two functions can significantly reduce the response time to threats and speed the time to remediation, to ultimately strengthen the overall security posture against potential attacks.
Continue to practice good cyber hygiene
Practicing good cyber hygiene is like sports in that it is typically the team that consistently executes on the basics that wins. Ensuring retailers protect and maintain systems and devices appropriately can be achieved by leveraging cyber security best practices. For example, ensuring that only authorized devices are connected to company networks, limiting the applications or software running on company assets, securely configuring corporate assets, including removing default usernames and passwords and restricting the use of administrative privileges. Just as important is continuously scanning and remediating vulnerabilities and misconfigurations in company assets.
Prepare for new payment systems
If you run hybrid internet and physical locations, be aware that while chip-and-pin technology will likely decrease the severity of POS system breaches, a new wave of contactless e-payment systems being introduced, such as Apple Pay and Google Wallet, could provide new attack surfaces for hackers to exploit. Similarly, Internet-of-Things (IoT) based devices such as printers and security cameras must be considered as threat vectors and retailers should consider these new systems and network points to ensure they have a plan in place to protect their systems from the security vulnerabilities systems that could expose customer data.
In today’s complex security landscape, it’s critical to be proactive and vigilant to protect against cyber threats in order to be as secure as possible. While retailers won’t be able to completely stop breaches and attacks, what they can do is minimize the risk, proactively address threats as they arise and be prepared.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
DOWNLOAD OUR NEW REPORT
Warehousing 2025
The InternetRetailing Warehousing 2025 report explores this critical stage of the direct-to-consumer journey
You are in: Home » Guest Comment » GUEST COMMENT All eyes on retail
GUEST COMMENT All eyes on retail
Amol Sarwate
This is an archived article - we have removed images and other assets but have left the text unchanged for your reference
In some ways, you have sympathy for CIOs of retailers. The sector has some of the most advanced and streamlined companies on the planet, the intense competition between large rivals and the constant pressure of hopeful, innovative smaller players has led to an industry-wide obsession with staying on the cutting edge of technology. With more and more business being conducted online, this love-affair with technology is unlikely to decrease over the next decade.
The retail industry may still be reeling from the number of high profile retail security breaches including Home Depot, JP Morgan and Target, but one thing is clear: data security is very much front and centre with retailers, who are looking at ways to improve security and protecting critical customer data in 2015.
Why were so many (especially physical) retailers hit hard over the past 12 months? Some have speculated that hackers increased their wave of attacks ahead of the US’ 2015 plans to shift to chip-and-pin technology, which intends to pave the way for more secure credit and debit card payments. This created a sense of urgency to exploit major retailers whilst it was still possible. This may indeed be the case, but it’s a non-issue for online-only based retailers and will soon be a ‘patched’ opening for their physical counterparts.
What’s more concerning to internet retailers is that they are being perceived as high-value and somewhat ‘soft’ targets – both for the customer data they retain and for their high priority on business efficiency versus carefully maintained security practices.
In any case, these breaches have put security at the top of nearly every retail executives’ list of priorities. They know now that they are on cyber criminals hit list, so what should they be doing in 2015 to prepare for the worst?
Close the SecOps gap
Security and IT Operations teams (SecOps) within organisations have traditionally been siloed functions making it difficult to quickly identify and respond to potential vulnerabilities. This siloed structure undermines efforts around security and compliance, and puts an organization at risk for attack. Bridging these two functions can significantly reduce the response time to threats and speed the time to remediation, to ultimately strengthen the overall security posture against potential attacks.
Continue to practice good cyber hygiene
Practicing good cyber hygiene is like sports in that it is typically the team that consistently executes on the basics that wins. Ensuring retailers protect and maintain systems and devices appropriately can be achieved by leveraging cyber security best practices. For example, ensuring that only authorized devices are connected to company networks, limiting the applications or software running on company assets, securely configuring corporate assets, including removing default usernames and passwords and restricting the use of administrative privileges. Just as important is continuously scanning and remediating vulnerabilities and misconfigurations in company assets.
Prepare for new payment systems
If you run hybrid internet and physical locations, be aware that while chip-and-pin technology will likely decrease the severity of POS system breaches, a new wave of contactless e-payment systems being introduced, such as Apple Pay and Google Wallet, could provide new attack surfaces for hackers to exploit. Similarly, Internet-of-Things (IoT) based devices such as printers and security cameras must be considered as threat vectors and retailers should consider these new systems and network points to ensure they have a plan in place to protect their systems from the security vulnerabilities systems that could expose customer data.
In today’s complex security landscape, it’s critical to be proactive and vigilant to protect against cyber threats in order to be as secure as possible. While retailers won’t be able to completely stop breaches and attacks, what they can do is minimize the risk, proactively address threats as they arise and be prepared.
Amol Sarwate is director of engineering at Qualys
Read More
You may also like
Subscribe to our email community