The cyber-attack on Marks & Spencer is the kind of event that makes business leaders sit up and ponder whether their own organization could be next. While its services may now be up and running, the incident has still cost the brand over £300 million in lost profits, along with potential damage to its customer relationships.
The brand is not alone either, since attackers also hit the specialist food distributor Peter Green Chilled, integral to several supermarket supply chains, along with Coop, North Face and Cartier recently as well. The lasting impacts of these cybersecurity breaches have revealed how quickly a single compromise can affect revenue, logistics and brand trust, even if organizations have well-rehearsed contingency plans.
Co-founder and Director of Hyve Managed Hosting.
Cyber criminals love retail data
The UK’s appetite for online shopping has grown from 18.1 per cent of total sales in September 2019 to around 26 per cent today. This growth brings increased volumes of payment credentials, loyalty data and personal profiles that retailers and their partners must store and access for the whole system to operate effectively.
As every part of the retail supply chain process, from stock control to fulfilment, is now digitally integrated in the battle for streamlined, multi-channel efficiency, it has become almost impossible to guarantee total security.
Criminals want that data for ransom, resale or misuse, and incessantly seek it out. They have learned that the easiest way past expensive perimeter tools starts inside each business. A seasonal employee’s click on an email, a misconfiguration in a loyalty-app update, or slack use of recycled passwords by a manager working from home are all weaknesses that criminals exploit.
The addition of hybrid working has also opened up many more potential entry points for criminals and complicates security vigilance.
The complex pipework of supply chain partner relationships makes continuous monitoring much harder. Retailers rely on third-party ecommerce software, CRM suites, point-of-sale systems and supply-chain tools. Vulnerabilities from even a single vendor or partner is enough to let criminals inside.
Artificial intelligence, meanwhile, has automated phishing lures and vulnerability scanning. The development of off-the-shelf ransomware kits also means criminals need less technical expertise to be effective. They can deliver cyberattacks at greater frequency and speed with superior precision.
Building defenses that contain attacks
Removing all cyber risk is impossible, so organizations must switch focus to damage limitation and maintenance of legitimate trade, using layered security instead of relying totally on a single gatekeeper.
High on the shopping list for retailers should be real-time endpoint detection and response (EDR) or extended detection and response (XDR) platforms. These solutions monitor devices, networks and cloud workloads for anomalous behavior, then isolate infected assets before malware spreads.
Strict network segmentation limits an intruder’s freedom of movement in systems. A zero-trust model will make life harder for them by demanding authentication for every access request.
Sometimes, the most effective containment measure is a deliberate shutdown to allow individual branches to keep trading on local platforms. This prevents attackers from scuttling through systems and enables investigators to get on with their work.
Layering defense
Layered defense must involve employees as well as technology. Multi-factor authentication cuts down the threat from stolen passwords, while least-privilege principles ensure staff only access what is required for the task in-hand. Regular penetration tests expose weak spots before adversaries find them, and supply-chain audits encourage vendors to improve standards.
Preparation is essential. Immutable off-site backups provide clean copies of critical data, but only if recovery time and recovery point objectives are realistic and regularly rehearsed. Full fail-over, forensic hand-off and customer communications must all be rehearsed.
It is also important to diversify infrastructure, avoiding reliance on what becomes a single fault domain through the mistake of running production, back-up and disaster-recovery environments on the same platform. What retailers need is a hybrid or multi-cloud approach to spread risk and improve flexibility.
Instilling new confidence
After the immediate threat is contained and systems are restored, rebuilding confidence is tough when customers, staff and investors are wanting details of what happened, the data exposed and how the company will prevent it from happening again.
A timetable of transparent updates shows respect and reduces speculation. Each cyber event or breach should trigger policy changes and fresh internal training, reinforcing the message that security is a collective responsibility shared by everyone in every department.
Many retailers use managed service providers (MSPs) to accelerate all these steps, bringing access to wider experience and expertise, round-the-clock monitoring and economies of scale. Retailers have the strategic oversight and sector knowledge, while the MSP supplies a deeper level of technical insight and a commitment to continuous improvement.
With the right partnerships, layered defenses, crisis response and security awareness, retailers can absorb attacks without day-to-day business grinding to a halt. They can continue to maintain the vital trust that is behind each customer transaction. There is certainly no reason to despair if organizations follow this multi-layered approach.
We list the best endpoint protection software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
