Avatar

As a retail business, the relentless pursuit of safeguarding your customers’ data and ensuring uninterrupted holiday joy has never been more crucial! In a world where the retail sector is a prime target for cyber adversaries seeking to exploit payment processing data, envision a constant onslaught of incidents – perhaps hundreds of thousands, if not millions – unfolding even as you read these very lines! Brace yourselves, for in the realm of retail, the term ‘retail therapy’ takes on a whole new meaning for threat actors, and the stakes are higher than ever! 

Protecting customer data 

Embark on a thrilling journey through my decade-plus career, navigating the diverse landscapes of Education, Commercial ventures, State and Local Government, and the Federal government. In this electrifying adventure, there’s one treasure everyone seeks to protect – data. Over the past 15 years, data has evolved into a priceless asset, enhancing the retail consumer experience while simultaneously becoming a coveted prize for threat actors. Picture the adrenaline-pumping scenarios as I conducted security assessments before, during and after the holiday season. I have witnessed surges in security incidents akin to a cyber battleground, where threat actors intensify their malicious activities. 

Unleashing a torrent of illegal data viewing and exfiltration, these actions brand the culprits as nothing short of digital outlaws. In this perilous landscape, retail companies must recognize the threat these actors pose and the price they are willing to pay for the tools enabling them to launch breach attempts with stolen payment information. The call to action is clear – engage in due diligence to protect consumer data, fortifying not only your customers’ trust but also the very essence and reputation of your brand. 

Amid the holiday frenzy, witness a surge in all things consumerism – from social media usage and online purchasing to the bustling activities in brick-and-mortar stores. Yet, alongside this festive chaos, nefarious endeavors such as phishing attempts, pre-texting, and malicious click-baiting reach a crescendo. The implication is undeniable: the spike in attack techniques mirrors the increased value of data during this season, encompassing everything from personally identifiable information to fresh credit card data. 

Delve into the 2023 Verizon Data Breach Investigation Report, a treasure trove of insights revealing a spike in breaches within the retail industry. The report states “both Ransomware and Use of stolen credentials among the top, along with Email and Web applications for vector.  However, there is a relatively unique addition to some of these actions – the “Export data” and Capture app data. This is also one of the few industries where we see “Other” creep up as one of the top actions”  

Before we draw the final curtain, picture the destiny of your brand hanging in the balance – poised to either soar to new heights with cybersecurity diligence or vanish into obscurity by embracing inadequate “free” controls. The heartbeat of basic controls – safeguarding your server applications, securing data at rest and in transit, fortifying employee credentials and data access – resonates as the symphony of success. Enter the realm of MFA, standing tall in the top three, followed by an email control that fends off post-pretext attacks, complemented by security awareness training. The climax approaches with a minimum DNS control, a guardian of the cyber gates, expanding to a secure internet gateway and a SASE platform, ushering in scalability and reducing complexity. As the crescendo fades, the choice is yours – a thriving brand or a mere memory in the digital sands of time! 

Join us!  

If you are attending NRF2024, stop by our Cisco booth 5639. Our secure, automated solutions can help transform the retail experience and improve operations. We give our customers and partners the tools, solutions, and digital capabilities to serve and protect their customers online, at home, on the go, or in-store. 



Authors

Olauhdo Stubbs

Leader, Systems Engineering

Security