In this digital age of retail, hackings and data breaches have become part of the normal course of business. The retail industry gathers and stores an abundance of customer information, from credit card numbers to home addresses, email addresses and phone numbers. This data, when compiled, can be very valuable, incentivizing cyber criminals to infiltrate retailers’ systems.
As thousands of connected devices now perform transactions, move supply chains and manufacture goods, retailers are struggling to remain ahead of cyber threats. While it's certainly not alone, Amazon.com's recent breach demonstrates the constant struggle for retailers to keep pace with hackers in today’s technological landscape.
Like every industry, retail needs to stay ahead of evolving threats and make cybersecurity a priority to secure both company and customer data. Taking the proper steps to guard this sensitive information can be costly, but in the long run it will not only save money but also limit the consumer distrust that stems from any breach. There are numerous ways hackers can penetrate retailers’ data centers, including in-store point-of-sale systems, e-commerce sites or employee mobile devices. An unsecured network may leave many companies vulnerable to an attack, especially with the increased adoption of mobile and IoT technology in the manufacturing, storage, sales and shipping processes.
Hackers’ Motivations and Methods
This past year, approximately three out of four breaches were financially motivated, and credit card numbers are only part of the personal data that cyber criminals leverage for compensation. But credit cards are the gateway for this access: if cyber criminals act quickly, they can commit fraud through gift card purchases and returns.
Since 2016, Payment Card Industry (PCI) compliance has been the most widely used standard for regulating financial data, but it doesn't govern names, addresses or purchases — all of which are typically saved for rewards programs or mailing lists. As a result, cybercriminals often bypass PCI-protected data in favor of a softer target: personally identifiable information. This data can be leveraged to exploit loyalty programs and carry out online fraud due to the lack of regulation.
How to Stop a Breach Before it Happens
Effective digital identity management enables retailers to secure access to business-critical data and devices, strengthen PCI compliance, and adopt digital transformation without compromise to consumers.
Before creating a strategy, businesses must first scan their website for vulnerabilities that could give hackers a point of entry. It’s important to look for holes within domain providers in order to better understand where data could be exposed. Administrative portals, which can be accessible by the public, are often vulnerable and increase the risk of exposure. Additionally, a simple password policy ensures that employees don’t keep using default settings that can be monitored and hacked.
Once businesses determine where they could be exposed, they must audit their current roster of digital certificates. Expired keys and certificates can quickly lead to the same problem caused by hackers: a systemwide outage. It's important for businesses to know where they stand and to keep certificates up to date in order to secure identities and prevent a breach of customer information. One way to stay on top of certificates and keys is automation, which can help prevent crucial oversights caused by human error. Investing in automated digital identity management will help retailers get ahead of the cyber warfare that will only continue to wreak havoc on the industry. Retailers will be able to secure keys and certificates at the speed and scale required, leaving hackers unable to get into their systems.
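The certificate audit described above can be automated with a short script. The following is an added example, not code from the article or from Keyfactor: the hostnames, dates and the 30-day renewal window are constructed assumptions, and each inventory entry holds the line that `openssl x509 -enddate -noout` prints for a certificate.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory: a label plus the expiry line printed by
# `openssl x509 -enddate -noout` for that certificate.
INVENTORY = [
    ("pos-gateway.example", "notAfter=Jan 15 12:00:00 2024 GMT"),
    ("shop.example", "notAfter=Mar 20 00:00:00 2024 GMT"),
    ("admin-portal.example", "notAfter=Jun  1 08:30:00 2025 GMT"),
    ("loyalty-api.example", "notAfter=unknown"),
]


def audit(inventory, now, warn_days=30):
    """Return (label, status, days_left) rows, most urgent first."""
    rows = []
    for label, enddate in inventory:
        try:
            # cert_time_to_seconds parses the certificate date format
            # independently of the system locale.
            expires = ssl.cert_time_to_seconds(enddate.split("=", 1)[1])
        except (IndexError, ValueError):
            # Never drop an entry silently: an unreadable record is a finding.
            rows.append((label, "UNPARSEABLE", None))
            continue
        days_left = int((expires - now.timestamp()) // 86400)
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((label, status, days_left))
    # Unparseable records first, then fewest days remaining.
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for label, status, days in audit(INVENTORY, now):
        print(f"{status:<12}{label:<24}{days}")
```

Run on a schedule against the real inventory, the EXPIRED, RENEW and UNPARSEABLE rows are the ones that need a human or a renewal job.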
Kevin von Keyserling is CEO and co-founder of Keyfactor, the market leader in digital security management for numerous Fortune 500 companies.