Retail Visibility Gaps: 3 Tips for Effective Risk Management
The cybercrime economy is estimated to be worth $1.5 trillion annually, with the number of new security threats soaring at an alarming rate. According to one report, 7.9 billion records were exposed in the first nine months of 2019. This compounds the burden on already stretched IT teams, who are tasked with tackling the daily challenges precipitated by COVID-19, as well as shadow IT, cloud computing, containers, zero-trust, and software-defined everything.
And what do most IT leaders see as the common culprit for all of this chaos? Visibility gaps.
As retailers move more of their processes online to meet soaring customer demand, the need for effective data protection has never been greater. Yet major endpoint visibility gaps and IT blind spots threaten to expose these organizations to cyber threats at a critical moment.
Visibility Gaps Are on the Rise
The retail sector has been a target for cybercriminals for many years, primarily because retailers store huge volumes of customers' personally identifiable information (PII), including payment card details. Furthermore, the current explosion in home-working endpoints, such as laptops, has expanded the attack surface. Just one unpatched endpoint could land a retailer in serious financial and reputational trouble.
According to our latest research, 88 percent of retailers acknowledge fundamental weak points within their IT estate that obstruct visibility. These visibility gaps are exacerbated by tool sprawl (38 percent), IT/security silos (38 percent), lack of resources (34 percent), and shadow IT (27 percent).
Retail CIOs and CISOs are rightly concerned that these visibility gaps will make their organizations more vulnerable to cyber attacks, customer churn, noncompliance fines, and more. Given the nature of the data they store, it’s not surprising that the sector is strictly regulated. The Payment Card Industry Data Security Standard (PCI DSS), EU General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA) require serious investment and continuous scrutiny.
Yet despite spending more than $63 million each, on average, on compliance over the past year, major visibility gaps persist among retailers: fewer than a third (30 percent) are completely confident that they could report all required breach information to a supervisory authority within 72 hours, the notification deadline set by the GDPR.
The good news is that there are things retailers can do today to help overcome these challenges. We suggest taking these important steps to minimize security and compliance risk, both now and in the future:
1. Close all visibility gaps.
Retailers cannot protect themselves, their customers or their bottom line without a comprehensive view of every endpoint. Yet every week, 60 percent of IT leaders in the sector find computing devices on their networks that they were not previously aware of. An endpoint nobody knows about is an endpoint nobody patches or monitors, and it leaves a door open to malicious actors. Closing the gap means continuously discovering what is actually connected, reconciling that against the asset inventory, and acting on both the unknown devices and the known-but-unpatched ones.
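The reconciliation step above is the part most teams skip, so here is a small worked example of it. This is an added illustration, not Tanium's code or any product's output: it parses DHCP acknowledgements (constructed sample lines modelled on ISC dhcpd's syslog format) to build a "seen on the network" list, compares that with a constructed asset inventory, and flags three things a retailer would want to act on: devices seen that no one has recorded, recorded devices seen whose last patch date is older than a chosen threshold, and recorded devices that have not shown up at all. The 30-day patch threshold and the inventory fields are assumptions for the example.

```python
"""Reconcile endpoints observed on the network against the asset inventory.

Added example, not code from the article or from Tanium. The DHCP log
lines and the inventory below are constructed sample data; a real
deployment would feed this from DHCP/ARP/NAC/EDR telemetry and the CMDB.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample log, modelled on ISC dhcpd's syslog output. Only
# DHCPACK lines are confirmed leases; DHCPREQUEST/DISCOVER are ignored.
SAMPLE_DHCP_LOG = """\
Jun 01 08:02:11 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 3c:22:fb:1a:2b:3c (pos-reg-04) via eth0
Jun 01 08:05:43 dhcp1 dhcpd: DHCPACK on 10.20.4.18 to 3c:22:fb:1a:2b:3d (pos-reg-05) via eth0
Jun 01 08:07:02 dhcp1 dhcpd: DHCPACK on 10.20.9.101 to a4:83:e7:9f:00:12 via eth0
Jun 01 08:09:30 dhcp1 dhcpd: DHCPACK on 10.20.9.102 to f0:18:98:ab:cd:ef (galaxy-s10) via eth0
Jun 01 08:11:00 dhcp1 dhcpd: DHCPREQUEST for 10.20.4.17 from 3c:22:fb:1a:2b:3c (pos-reg-04) via eth0
"""


@dataclass(frozen=True)
class Asset:
    """One row of the (assumed) asset inventory, keyed externally by MAC."""
    hostname: str
    owner: str
    last_patched: date


# Constructed inventory: two registers that are on the network, one laptop
# that is not. pos-reg-05 has not been patched for months.
INVENTORY = {
    "3c:22:fb:1a:2b:3c": Asset("pos-reg-04", "store-ops", date(2020, 5, 28)),
    "3c:22:fb:1a:2b:3d": Asset("pos-reg-05", "store-ops", date(2020, 3, 2)),
    "00:50:56:9a:77:21": Asset("lt-finance-12", "finance", date(2020, 5, 30)),
}

# Hostname in parentheses is optional: devices that do not send option 12
# show up with a bare MAC, which is itself a useful signal.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))?"
)


def parse_dhcp_acks(log_text):
    """Return {mac: {"ip", "hostname"}} for every confirmed lease in the log.

    Later ACKs for the same MAC overwrite earlier ones, so the result holds
    the most recent address seen for each device.
    """
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue
        seen[m["mac"].lower()] = {"ip": m["ip"], "hostname": m["host"] or ""}
    return seen


def reconcile(seen, inventory, today, max_patch_age_days=30):
    """Compare observed devices with the inventory.

    unknown: on the network but not in the inventory (shadow IT / rogue)
    stale:   in the inventory and on the network, but patched too long ago
    unseen:  in the inventory but never observed (stale record or offline)
    """
    cutoff = today - timedelta(days=max_patch_age_days)
    unknown = {mac: info for mac, info in seen.items() if mac not in inventory}
    stale = {
        mac: inventory[mac]
        for mac in seen
        if mac in inventory and inventory[mac].last_patched < cutoff
    }
    unseen = {mac: asset for mac, asset in inventory.items() if mac not in seen}
    return {"unknown": unknown, "stale": stale, "unseen": unseen}


def report(today=date(2020, 6, 1)):
    """Run the sample end to end; 'today' is fixed so the result is stable."""
    return reconcile(parse_dhcp_acks(SAMPLE_DHCP_LOG), INVENTORY, today)


if __name__ == "__main__":
    findings = report()
    for category, entries in findings.items():
        print(f"{category} ({len(entries)}):")
        for mac, detail in entries.items():
            print(f"  {mac}  {detail}")
```

On the sample data this surfaces two unknown devices (one of them a phone that announced itself as galaxy-s10, one that sent no hostname at all), one register that has not been patched in over a month, and one inventoried laptop that never appeared. The same three buckets are what the page's "visibility gap" amounts to in practice, and each one maps to a different owner: unknowns go to security for triage, stale hosts to IT operations for patching, and unseen records back to whoever maintains the inventory.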
2. Don’t spend money on unnecessary tools.
Retailers use an average of 43 security and operations tools. These tools often operate in silos, straining organizational alignment and inhibiting the visibility and control needed to protect the environment. A company that relies on a gamut of point solutions but lacks a complete view of its IT environment is, in effect, basing its security posture on a coin flip.
3. Achieve stronger collaboration between IT security and operations teams.
Driving collaboration between security and IT operations teams can be a major challenge, but it is crucial that the two unite around a common set of accurate, actionable endpoint data for effective risk management. A security team that finds an unpatched device and an operations team that cannot see the same device in its own console will argue about the data instead of fixing the problem.
By following this path, retailers can create a best practice security and IT operations culture that will help to support digital transformation, agility, and business growth long into the future.
Chris Hallenbeck is CISO for the Americas at Tanium, a unified endpoint management and security company.