Retailers: Protect Your Business Against Cyberattacks This Holiday Season

By Ron Brown, VP of Technology, White Rock Cybersecurity

Digital transformation has been the biggest disruptor for retailers over the past few years, holding the promise to truly transform retail business models. Yet with the holiday season fast approaching, that same digital transformation is also a double-edged sword. In a survey by BDO, 34% of retailers cite cyber attacks or privacy breaches as the top digital threat facing their businesses, and 40% of retailers surveyed name shoring up their cybersecurity as a long-term objective.

 With cyber attacks and breaches on the rise, the holidays have become a lucrative time for cybercriminals. Consider:

  • Retailers are often targeted by a wide range of tactics, techniques, and procedures (TTPs) including Card Not Present (CNP), gift card fraud, skimming, malware, account takeovers, and denial of service.

  • Third-party vendor security has become a greater concern. When Target was breached back in 2014, the compromise happened via stolen vendor credentials of Target’s heating and air conditioning contractor. For most retailers, their Point of Sale (PoS) software and devices will be the Achilles’ heel that constitutes a third-party risk.

Today, every organization is a target for cyberattacks, with industries that possess the most valuable data being the biggest targets. Retail is at the top of that list. However, by following these steps, retailers can protect their businesses, their supply chain, and their customers from falling victim to cybercrime.

  1. Ensure Continuous Monitoring, Detection, & Response (MDR)
    Invest in an appropriate level of MDR services based upon the cyber threats your organization anticipates. The key is to detect intrusions rapidly so that malware can be quickly contained and eradicated, reducing the negative impact on the information system and data assets.

  2. Perform Network and Endpoint Threat Assessments
    Given the growing list of information systems, software applications, bring-your-own devices, and Internet of Things (IoT) devices, testing networks and endpoints with Intrusion Detection Systems (IDS) will reduce potential vulnerabilities to cyber-attacks.

  3. Conduct Email Threat Assessments
    Email is a top gateway into an organization’s infrastructure. Conduct periodic email threat assessments targeting malware that may have made it through your anti-virus and firewalls.

  4. Implement an Effective and Timely Patch Management Program
    Some of the most significant data breaches were the result of organizations’ failure to implement an effective and timely software patch management program for Microsoft and Cisco software.

  5. Establish a Cybersecurity Awareness and Education Program
    The most cost-effective means to improve cybersecurity posture is to create a human firewall by providing quality cybersecurity educational programs to all employees and partners.

Cyberattacks are increasing in sophistication and magnitude of impact across all industries globally. However, taking proactive precautions and fine-tuning cybersecurity programs can help protect your business, your supply chain, and your customers against cyberattacks this holiday season.