The 2024 Verizon Data Breach Investigations Report notes that there were 725 known data breach incidents in the retail sector for the year ending in late October 2023. An estimated 369 of those resulted in confirmed data disclosure. From ‘credential stuffing’ to phishing to exploitation of vulnerabilities, cybercriminals have many options to violate consumer data privacy, disrupt store and warehousing operations and execute denial of service.
One of the cybersecurity challenges in retail is the very nature of operations, i.e. dispersed workers in multi-location stores, warehouses sprinkled around regions and those working in internal IT systems with varying architectures and platforms. However, what they all have in common is working on endpoint devices, whether a stationary desktop, mobile devices or warehouse tablets. If they touch data, they can be the thruway to a data breach.
Given the nature of this diverse end user computing environment, defending against cyberthreats requires a three-pronged strategy:
- Executing preventative security measures at the endpoint
- Improving the endpoint management of distributed IT systems
- Enhancing individual education and awareness of cyber threats among both permanent and seasonal hires.
Threat Prevention
The endpoint remains fertile ground for cyberattacks and data breaches, exposing a retail organization to costly downtime and to consumers’ increasing predilection to tackle the issue head-on with class action suits. A high-profile case involves several lawsuits filed against Temu, in which users of the Temu app alleged that it is “loaded with tools to execute virulent and dangerous malware and spyware activities on user devices,” and thereby violates customer privacy rights.
Temu’s legal troubles are just one example of customers’ intolerance of data privacy abuse. Such abuse can happen purposely, as the suit alleges, or through a ransomware attack that holds valuable data hostage and puts millions of customers’ private, personal data at risk. A ransomware attack can also prevent a retailer from being able to trade by removing access to critical POS, inventory or financial systems.
Preventative measures are the way to contain this threat. Conduct a review of your current endpoint security and consider these practices:
- Is your operating system (OS) secure by design and able to support multiple cloud-based services like Software as a Service (SaaS) applications, Desktop-as-a-Service (DaaS) or virtual desktop infrastructure (VDI)? Locations may have different networking platforms, so a flexible OS can save IT budget and management time. Does the OS support Zero Trust methodologies like multi-factor authentication (MFA)? Is it read-only and encrypted?
- Are there data sets stored on vulnerable endpoint devices? This can put customers’ Payment Card Industry (PCI) or personal information (PI) data at risk of a breach and compliance violation.
- Restricting access to data at the endpoint is a crucial step in breach prevention. Is your IT team confident access to data is confined to what the end user needs to do their job? In retail, as workers move between store locations, conduct ecommerce transactions or work at a remote site in operations, the best way to protect data is to begin at the source: the endpoint.
- To ensure personal data cannot be exfiltrated at the endpoint, a good approach is to lock down access to the USB or other removable media to protect customer information. Then, use MFA so that when a user signs in to a device, they will have access only to what they need to perform their work.
- By moving data and critical applications off the endpoint device and to the cloud, you can reduce the attack surface and further prevent any disruption or compromised data. This would also enable you to recover more efficiently from events like the July CrowdStrike outage. If your applications were in the cloud, you could retrieve data when possible and reduce costly downtime.
Endpoint Management Refinement
Retail organizations are investing in cloud-based management systems as part of their overall technology investment, estimated to reach $47.8B by 2030. Software management investments focus largely on unification of operations like billing, CRM and inventory operations.
This eye toward efficiency extends to the endpoint. Retailers that on any given day may have hundreds, if not thousands, of devices on various operating systems are looking for a means to add efficiency to this environment. An approach to consider is integrating with unified endpoint management systems, providing a single point of management and visibility. This could encompass Android and Apple devices as well as other endpoint operating systems, both legacy and modern.
Another key benefit of this unified approach is that it can support different communication platforms and applications. This solves a common problem in retail operations in which locations can be using different cloud providers or varying computing platforms.
Make Security Personal
Retail organizations will have a better chance of winning the battle against data breaches and resultant costly lawsuits and sanctions if they embrace the reality that all security is, in fact, personal. Whether it’s a phishing scam, social engineering or an inadvertent sharing of private customer data, these security events all start with people.
In the retail sector, which relies on a mix of permanent and seasonal workers, it is challenging to engage everyone in the personal practice of data security. It can be hard to overcome the misconception that it’s simply the IT department’s problem to handle. However, if the workers see that having a secure endpoint device helps them work safely, they may be more inclined to see the value of preventative security measures like controlled access and MFA.
Creating a culture of personal participation can encourage more attention to endpoint security. Consider these elements:
- Does your onboarding package for new hires, permanent or seasonal, include best practices on device data use and security?
- Within the onboarding package, is there adequate information on knowing the limits of their access to data and applications?
- Do you have any simulated phishing or other security exercises so workers can have an interactive, educational experience?
- If multi-factor authentication is in use, do your hires have adequate details on its use?
- Do you offer any incentives for a worker flagging a potential phishing scam or an email that may be identity-theft related?
As we approach holiday hiring, it’s a good time for retailers to look at their cybersecurity at the endpoint or individual level and see what needs to be improved to engage workers in preventing data breaches.
In parallel, retail organizations need to provide the best secure endpoint computing for their workers. IT environments are inherently complex, and despite best efforts, issues can and do occur. The CrowdStrike outage underscores the need for robust, simplified and resilient systems to support workspaces. To achieve this, organizations will benefit from a secure OS, from moving critical data and applications to the cloud, and from having unified endpoint management to cut through the complexity. Thorough onboarding and communication with new hires is another recommended practice. The combination of individual participation backed with up-to-date security technology is the ideal strategy.
James Millington is VP, Industry Solutions at IGEL, the leader in providing a secure endpoint OS that is designed for VDI, DaaS, SaaS and secure browsing. Leading IGEL’s product and vertical market strategies, Millington has helped to define the IGEL Preventative Security Model™, which removes attack vectors often exploited by bad actors. Prior to joining IGEL, Millington held key leadership roles at VMware, Imprivata and Citrix. Millington holds an MBA from Oxford Brookes University.