Cyber-Insiders-v9-spreads - Flipbook - Page 35
AN INTRODUCTION TO THE CYBERSECURITY LANDSCAPE FOR RETAILERS
Data Breaches and the
Supply Chain
Data breaches, often the result of
vulnerabilities in third-party supply
chain services, are a growing
concern in the retail industry. In Q2
of 2024, the breach of Snow昀氀ake,
a cloud storage provider, caused
widespread chaos throughout
the retail ecosystem, leading to
breaches at household names in
the sector such as Ticketmaster.
These breaches, which could breach
retailers’ regulatory responsibilities
to customers, should be taken
very seriously. They also serve
to underline the interconnected
nature of modern retail operations:
supply chain vulnerabilities at a widely
used provider, such as Snow昀氀ake,
can have widespread rami昀椀cations
across the sector and beyond.
Phishing and Smishing
Phishing campaigns can a昀昀ect
any organisation, but retailers face
speci昀椀c concerns. They often
employ a large and diverse
workforce, which creates numerous
potential credentials that hackers
may target. These vulnerabilities
can arise from social engineering
tactics or inadequate password
and authentication practices.
Attackers often use phishing
tactics or compromised accounts
to steal credentials and bypass
multi-factor authentication,
allowing long-term access to
corporate networks.
The Best Methods
for Staying Safe
To e昀昀ectively understand
cybersecurity concerns, retailers
need to recognise them as an
inherent aspect of conducting
business online. These concerns
represent risks that must be
managed, much like risks in other
areas of the business.
To mitigate the risks associated
with cybersecurity threats and
prevent them from becoming
critical, retailers must prioritise
network backups and software
updates. This proactive approach
will help reduce the likelihood of
a serious breach.
Another important area to
prioritise is cybersecurity
awareness training, which can
quickly and e昀昀ectively educate
employees about the dangers of
phishing attacks and the necessity
of strong password hygiene.
The increasing complexity of
cyber-attacks and the widespread
impact of supply chain
vulnerabilities present signi昀椀cant
challenges for retailers in securing
their IT assets. To be successful,
they must implement strategies,
policies, and procedures that both
internal and external stakeholders
have agreed upon, planned for, and
practised in the form of tabletop
exercises. By undertaking this
preparatory activity, retailers can
ensure that if the worst should
happen, they are ready to take the
necessary steps towards mitigation.
While there is no such thing as
eliminating cyber risk for retailers
operating with any kind of connected
infrastructure, by staying up to
date with the latest threats and
ensuring adequate planning, this
risk can be managed appropriately
before it becomes a crisis.
ADARMA CYBER INSIDERS
|
35
