Cybersecurity: Why is Retail at risk?
Ransomware has become a common means of attack for hackers. Over the past six months, FortiGuard Labs has identified a total of 10,666 ransomware variants, double the 5,400 identified in the previous half of the year, representing almost 100% growth in just six months.
All businesses are potential victims. But a report published this summer by Check Point Research shows that retailers should be particularly vigilant: the retail and wholesale sectors saw the biggest rise in ransomware attacks, with a massive 182% increase. The motivation is less about reselling data on the dark web these days; it’s more about exploitation and making a profit.
Hackers will most likely seek to harvest as much data as possible and then demand a ransom, often by infiltrating your company’s network via the central servers or checkouts at a store. It’s particularly worrying, because without access to essential data and your IT tools, it’s very difficult to keep functioning properly.
Retail cybersecurity best practices: The cloud is the key to resilience and agility
To address these concerns, organisations need to have a comprehensive cybersecurity policy. Retailers are particularly vulnerable, both because stores are increasingly being identified as a weak entry point and because the growth of e-commerce is giving cybercriminals another means of getting into a retailer’s centralised IT system.
This is why it’s essential to make sure you migrate any “on-premise” solutions to SaaS systems. Relying on legacy systems means investing a lot of time and energy to keep up with more and more sophisticated cyber threats; and this makes it harder to respond quickly and effectively to any attacks.
Integrating a unified commerce platform that’s dedicated to retail, like Cegid Retail, not only improves the user experience, but also reinforces levels of security. Relying on Cegid’s know-how and industry best practices deployed on its cloud infrastructure (including sealed compartments to contain viral infections, continuous upgrades, etc.) means benefiting from a high level of cybersecurity. A retailer relying on on-premise systems will have a lot more trouble achieving the same levels of protection.
The adoption of a Zero-Trust Access (ZTA) policy is really important if you want to limit any risks of infiltration or account theft. The ZTA golden rule is to trust no one! This means controlling access for both user identities and devices, including managing the security issues that arise from IoT devices.
Improving service availability
With a SaaS offer, retailers can also benefit from a service continuity plan linked to Microsoft Azure’s “Availability Zones”. This limits the impact of any downtime thanks to a replication latency of less than two milliseconds between Azure availability zones. What’s more, you can access data even if the main data centre fails.
Cegid and its hosting partners have numerous certifications, including ISO 27001:2013. This certification proves that the ISMS (Information Security Management System) has been effectively implemented and that the security controls have been adapted for the Cloud:
- Incidents and data are tracked in real time to reduce the scope of an attack.
- All the Cloud operating systems are continually monitored and improved, 24/7.
- Internal audits are conducted regularly.
- Staff are regularly trained in sound security and privacy controls.