Using cybersecurity to bring the retail sector back into fashion

Image Credit: Pexels (Image credit: Image Credit: Bruce Mars / Pexels)

Every February, the fashion industry kicks into life by visiting the world’s most renowned cultural capitals as part of its ‘fashion week’ season. From the catwalks of Milan to London, where London Fashion week is taking place this week, a range of retailers compete to showcase the best designs and the rising talent behind them.

The reality however is that the retail sector hasn’t been so fashionable in the UK lately, and the high street in particular has suffered in recent months, with figures from the British Retail Consortium indicating that retailers have just suffered their worst Christmas in a decade. From major closures such as Toys R Us through to damaging data breaches on the likes of Superdrug, there has never been a more challenging time for the sector. 

To maintain their market position, retailers must enhance their IT infrastructure so it can support changes in customer demand and emerging purchasing platforms, without compromising on security. But how exactly can this be done in today’s competitive and customer-centric climate while maintaining a consistently excellent quality of service?

Putting privileged access management at the top of the shopping list

As high street retailers experiment with a more digitised ‘retail theatre’ experience and online retailers expand their inventory, privileged access security has to protect both front-end devices - such as tills, tablets and interactive screens - and the back-end IT infrastructure supporting stores’ retail operations. In the front-end for example, these new experiences increasingly leverage the Internet of Things (IoT) and cloud services as part of their efforts to emulate ‘Amazon effect’ in their stores; customers can now use phones as coupons to pay for items, and sensors and smart beacon technologies can predict whether a shopper is going to make a certain purchase or not based on their in-store activity. The greater proliferation of devices and indeed data now stored in a shop is creating a whole new threat landscape within the shopping experience, and providing more ‘ways in’ for savvy hackers to infiltrate the network.

This challenge is familiar to online retailers, who for some years have needed to stay one step ahead when it comes to protecting their back-end systems, safeguarding customer data and ensuring consistency of retail operations. To stay secure, retailers must invest in protecting what attackers seek most: privileged access to traverse through the network. 

This needn’t be a daunting task and can be broken down into manageable steps. Focus should be placed on critical assets first in order to lock down ‘crown jewel systems’ and reduce their risk of compromise. This approach should be based not only on the critical systems themselves, but also ensuring the most privileged access to these systems is protected first.

Taking these first steps is of increasing importance, especially in the online retail sector where brands are entrusted to store more data such as credit card details and addresses, than ever before. Finally, take a leaf from other sectors. Many businesses across a range of industries from banking to manufacturing are hiring a team of ethical hackers to always test critical systems. To protect from hackers, you have to think like one continuously.

These tactics have to be added to the top of the shopping list if retailers want to stay one step ahead and keep critical customer data safe.

Image Credit: Pixabay

Image Credit: Pixabay (Image credit: Pixelcreatures/Pixabay)

Making new mindsets fashionable

Before new privileged access security measures are implemented however, education has to take place. A recent Accenture study showed that 70% of 2,000 UK employees who received cyber security training felt that it enhanced their ability to recognise potential threats and motivated them to be more vigilant. Empowering employees to understand the new threat landscape has to be front and centre. But, it also has to go one step further than this to rewarding employees for spotting any potential threats, and this is where retail needs to progress. Our own statistics from CyberArk’s annual Threat Landscape report revealed that only 39% of IT decision makers working in retail would reward employees who helped to prevent a security breach in 2018. This lags behind IT & telecoms for example at 62%.

How can these mindsets be changed? The fight against cyber-attacks has to involve all employees, right from the staff on the shop floor (who are now interacting with more analytics-based technology more than ever) to the chief technology officers behind major online brands. Basic training in ‘cyber hygiene’ is crucial to ensure that all employees are equipped to deal with cyber attacks before they happen and not let malicious hackers into the network.

This fashion week season, retailers must take steps to refresh their cyber hygiene and ensure that they keep the negative headlines at bay. Delivering an innovative and differentiated customer experience at pace is critical for high street survival today, but ensuring robust security is just as important and shouldn’t be an afterthought. Consumers will only place complete trust in the retailers that take the strongest measures to safeguard their data. Those retailers that stay in fashion will be those that see technology as an enabler for ‘good business’ and place a strong cyber security at the heart of the shopping experience. 

David Higgins, EMEA Technical Director at CyberArk

  • Keep your systems protected from the latest cyber threats with the best antivirus
David Higgins
EMEA Technical Director

David Higgins, Senior Director, Field Technology Office at CyberArk.