The Retailer Winter Edition 2023

THE RE TA I L ER

2 6

HOW RETAILERS CAN ADDRESS THE RISING CYBERSECURITY THREAT

Philip Duerden Channel and Alliances Director Thales

R etailers must reassess their cyber security practices to ensure they are robust and resilient enough to protect their customers. The way in which we conduct retail transactions is constantly changing. Retail organizations have long been targeted by cyber criminals attracted to the industry because of its size, large quanti ties of online and point-of-sale (POS) credit card transactions, andmillions of POS and IoTdevices at remote locations that canbeeasytargetsdue to unpatchedvulnerabilities andconfigurationerrors. Retailers began the century as the prime targets for cyber attackers looking for credit card data. But negative blowback from major breaches in the2000s, fines imposedbyregulators, and strict cyber securitymandates suchasPCI-DSS, helped retailers dramatically improve cyber security and slow down the wave of attacks. Today, unfortunately, retailers are again coming back tothespotlight.Attackersareno longer focus ing solely on credit data, but target rich amounts of sensitive personal data on retailer’s systems or introduce ransomware for a quick payout that doesn’t even requiredataexfiltration. Thales Data Threat Report: Retail Edition, finds that45%of retail respondents reported that the volume, severity and/or scopeof cyberattackshad increased in the previous 12 months.

‘‘

Alarming cybersecurity breach statistics Oneof themost alarmingfindings includes the fact that 33% of retailers have experienced a breach in the previous twelve months. But that is not all, only 48% of retailers have a formal ransomware plan, while 27% indicated a willingness to pay the ransom. Complexity is another problem. 68% of retail respondents identified their Infrastructure as-a-Service (IaaS) environments as multi-cloud, andthesamepercentage (68%) saidtheyhaveover 25Softwareas-a-Service (SaaS) applications inuse, leading to potential issueswith the complexities of securing multiple cloud environments. Avisible consequence is that only46%have com plete knowledgeor areveryconfident theyknow where theirdata is stored.Anotherconsequence is that 59%of retailers reportedhavingfiveormore keymanagement solutions, leading to increased vulnerabilities and cybersecurity challenges. Despite the above findings, retailers are pretty serious about the security of their businesses. For example, 29% of retailers reported that they have adopted and are actively embracing formal zero-trust strategies, just like any other industry. In addition, another 53% is either planning or considering theadoptionofa zero-trust approach tosecuringon-premises, cloud, and remoteaccess management. Treat your cyber threats like your physical ones Retailers are ideal cyber targets due to their size, highlydistributed infrastructures, and largequanti ties ofonlineand in-store credit card transactions. The industry is also heavily dependent on high value, constantlyavailable systems, making them attractivemarks for ransomwareduring themany different retail peaks,whenanydisruptionof their systems can cost millions of dollars per hour.

45% of retailers reported an increase in the volume, severity and/or scope of cyberattacks in the past 12 months.”

The2022ThalesDataThreatReportRetail Edition summarizes the most important findings gath ered from a survey of leaders and practitioners withinretail organizations in17countries, including grocers, restaurant and food service, as well as “classic” retailers. The continuous rise of human error, malware and ransomware Similar to many organizations, 36% of retail respondents cited human error as the leading threat. Of the leadingperceived threats,malware tops the list at 65%, and ransomware follows close behind at 52%. Of course, the common attack method is phishing, and its related form, whaling. One shocking statistic is that, even though55%of the retailers had experienced a breach, only33% of retailers prioritizedmulti-factorauthentication (MFA) as themost effectivemethodforpreventing cyberattacks. Fortunately, 59%of retail organizations areusing MFA, however, only 8% of the respondents use modernauthentication foron-premises apps and only20%deploy it toprotect themajorityofcloud basedapplications.ModernMFAis cost-effective, easy to implement, and is so much more secure, that one has to wonder why this has not been a priority for retailers.