In the retail sector today, almost all activity is undergoing digital transformation, from sales and distribution to logistics and electronic payments. In addition, the new commercial models of retail, which link partners, customers, and suppliers in a network, expose companies in the sector to new risks.
The acceleration of the digital transformation of retail seeks to respond to changes in customer expectations and needs. But the speed of these changes often outpaces security controls: as retailers expand their digital infrastructures to improve the user experience, they also expand their potential attack surface. This occurs across all industries, but a specific set of challenges makes retail cybersecurity a much more complicated matter.
In this industry, every connected tablet or computer, every added mobile and IoT device, every Wi-Fi beacon, not to mention all the technology that is deployed in multi-cloud environments, makes it harder for IT teams to implement cybersecurity that covers all possible avenues of attack. As transactions increasingly take place online and data is stored in cloud environments, retailers have become more vulnerable to cyberattacks.
Computer security in companies
Within this framework, companies must design cybersecurity policies and strategies, encourage good practices among their employees and establish monitoring mechanisms to prevent and mitigate the various threats generated by cybercrime. The latter vary: “from attackers intercepting physical and online sales systems, dishonest or careless employees, and third parties deliberately looking for opportunities to exploit loopholes or system vulnerabilities.” Retailers also face security challenges with connected POS systems and devices, and online ordering and delivery applications. And a no less important issue is the staff’s connected mobile phones.
In addition, retail companies’ data lakes are attractive targets, “since they often combine detailed identity and demographic data with credit card information.”
Security in electronic commerce
A specialized blog synthesized several studies and concluded that 84% of the cyberattacks that occur in this industry include system intrusion, social engineering and attacks on basic web applications. In 87% of the cases the actors are external, and in 13% internal. Of the compromised data, 45% corresponds to credentials, 27% to personal data, 25% to payment data and 25% to other types of data.
In this delicate scenario, retailers need to develop several basic security policies:
- Restrict access to data as needed.
- Encrypt sensitive data sent over open public networks.
- Periodically test security systems and processes.
- Manage threats to mobile devices (define policies and implement specific management solutions).
Additionally, companies need broad visibility and control across all environments, and they must monitor and respond to a rapidly changing threat landscape.
At Baufest, we can support companies in the sector with our extensive expertise in this industry, so that they can achieve a safe, flexible and efficient operation for both employees and customers.