Why the retail industry should embrace access management

The Works, which sells books, toys, and other objects, has 520 stores across the UK. Recently, many of those locations had to temporarily close after a major cyberattack on the retailer. This kind of cybersecurity incident is becoming more and more common across the globe as cyberattacks soar and industries like retail find themselves digitizing faster than their cybersecurity architecture can keep up. In fact, the retail industry recently topped the list as the most targeted industry of phishing attacks. It’s becoming a major problem.

The state (and digital transformation) of the retail industry

Retail, similar to manufacturing, is finding itself in the middle of a digital evolution. Organizations are growing (the retail industry grew 14% in 2021 and is a trillion-dollar industry), and with that growth comes a digital footprint that allows them to manage everything from HR to international shipping to inventory across locations online. Retailers are now not only in the commerce (and often e-commerce) game, but are regularly gathering private personal information from their customers. From the handheld POS devices clerks use to scan credit card information to customers’ birthdays logged into systems for rewards, and beyond, retailers’ networks are full of valuable information that bad actors would love to steal and sell themselves. Then, there are the third parties. As the digital footprint expands, so does the number of third parties a single retailer is connected to. The number can get up to thousands, and each one is a major vulnerability for an organization due to lack of visibility and control.  All of these components create an environment that is ripe for phishing, ransomware attacks, and other cyber crime.

Cybersecurity threats facing the retail industry

Every aspect of the retail industry mentioned above also creates a vulnerability.  The major ones are:

  • The move from analog to digital means valuable system data and operations systems are stored in servers and the cloud — both of which can be hacked and held for ransom.
  • Digitization naturally means working with more third-parties, and it only takes one third-party breach to disrupt an entire network — a la The Works having to close their doors. 
  • Retailers are gathering vast amounts of private information from customers — including credit card numbers and PII, all of which are prized items for hackers.
  • It’s difficult for retailers to manage internal access due to high turnover the industry faces (from warehouse workers to cashiers and more).

Hackers seize on vulnerabilities like the ones above and use it to take down retail systems, hold information for ransom, and steal data to sell on the dark web. It’s not a surprise then, that bad actors have their sights set on the retail industry.

How access management can help keep retailers safe

Critical access management, or the securing of access points and the assets behind them, is the best way for retailers to protect themselves from mounting threats. By taking a decentralized approach, an organization can start to understand specific needs different access points have and tailor solutions to best fit those needs. Since retailers deal with a vast array of third parties, focusing on third-party access software, or at minimum, working to gain visibility and access control over those third-parties, is a much safer option than relying on reputation or trust. Same for internal access. High turnover can lead to access creep, orphaned accounts, or a host of other issues. So focusing on user access reviews and implementing zero trust network access and the least privilege access model is a stronger approach than just trusting employees with unlimited access to keep your business safe.