Australians are returning to offices almost one year since we all shifted to a working-from-home model due to COVID-19 back in mid-March 2020. As we’re almost 12 months on since that historic moment, the lessons learned and experiences gained are driving business continuity and growth – especially in the retail sector where e-commerce and virtual/online stores boomed in the last year.
In return, we observed a new wave of hyperactive cybercriminals whose attacks are only getting more sophisticated. COVID-19-themed cyber-attack detections alone increased by 605% in Q2 2020, and in Australia there have been 18,180+ COVID-19 related malicious file detections since Jan 2020.
Now’s the time for retailers to be reassessing the people, processes, and technology side of cybersecurity to ensure their organisation is ahead of the threat trend curve.
Here are ten ways the retail sector can stay cyber safe and protected in 2021:
1. Prioritise cybersecurity awareness training for employees. Retailers are encouraged to host internal sessions or seek third-party advice to help employees stay cyber safe, covering topics such as the risks of storing important information in the cloud, the different types of attacks targeting the industry, and best practices for keeping customer data safe, to keep both the employee and the company secure.
2. Educate your customers. With many people beginning to move from in-person to online experiences for shopping, retailers should ensure their customers know how to safely use their online platforms by providing education on how to identify fraudulent attempts, such as phishing, and verify a retailer’s website by identifying recognised security seals.
3. Ensure your data is stored in the right place. Retailers should be careful not to store sensitive data outside the corporate managed network. It’s not always possible to recover sensitive data from unmanaged or remote devices, so this could potentially lead to a loss of data if the security teams are not controlling cloud access by device type. Retailers should also consider leveraging encryption solutions to prevent loss of data in the event of a lost corporate device.
4. Think holistically about your cybersecurity. Cybersecurity is an aspect of business that retailers should be thinking about holistically, as cybercriminals exploit new entry points every day. From cloud to application security, governance and regulation, and endpoint protection, leaders should consider each aspect of their retail business model, especially as they become increasingly digitally-led, to ensure their cyber strategy effectively covers all aspects of the business.
5. Develop prevention and response plans. It’s beneficial for retailers to create and implement security response plans to ensure they are prepared in the case of a cyberattack. This will enable cyber resilience, which is an organisational capability that will help put retailers in a position where they are able to mitigate downtime and keep the wheels churning in the face of an attack.
6. Conduct red/blue teaming exercises. With increased online traffic for retailers, especially around seasonal or one-day-only sale events, retailers must begin to consider the scope, likelihood and impact an attack on their online platform can have. Red/Blue teaming exercises can help retailers not only understand their online platform’s exposure, but also test their incident response plans and ability to co-ordinate a response.
7. Leverage a Cloud Access Security Broker (CASB). As retailers begin to embark on cloud transformation projects, they should consider getting a holistic view of their cloud scope and data that is stored within these platforms. CASB solutions can provide this central platform to manage all security elements across a cloud journey and give retailers the visibility needed to manage cyber risks. McAfee research found that organisations are 40 percent more likely to be able to launch new products, 38 percent more likely to expand to new markets, 36 percent more likely to have a faster time to market, and 32 percent more likely to experience business growth when using a Cloud Access Security Broker (CASB), which are all significant benefits to reap as the retail sector continues to grow and innovate in 2021.
8. Consider reducing the attack surface of critical Point of Sale (POS) systems. With POS systems and backend infrastructure being highly critical for revenue streams, retailers should consider using technologies such as application whitelisting and system hardening in order to reduce the attack surface of these devices.
9. Patch your applications and software. With no slowdown in the number of vulnerabilities being identified across both operating systems and applications, retailers must ensure they stay on top of patching to prevent exposing themselves to compromise.
10. Stay on top of new threat trends. New threats are emerging every day, and it’s crucial for retailers to know what kind of threats are targeting their sector as the world increasingly depends on technology to operate. A September 2020 survey by MobileIron found respondents felt most secure using QR codes at restaurants or bars (46%) and retailers (38%). With the newfound reliance on QR codes, this technology is quickly becoming a target for cybercriminals to exploit, and we could potentially see QR Code abuse—or Qshing—in the age of COVID-19.
Sahba Idelkhani is director of systems engineering at McAfee