Keeping Customers’ Digital Identities Safe This Holiday Season
By Kevin von Keyserling, Keyfactor
As the retail industry gets underway for this year’s holiday season, it’s expected that hackers will follow suit. In fact, 80% to 90% of login attempts made to online retailers’ web sites are hackers using stolen data — the highest percentage of any industry.
Widespread coverage of major data breaches, including Amazon’s recent exposure of user emails, demonstrates that retailers struggle to keep pace with evolving threats. Multi-channel commerce, personal and credit card data and third-party partnerships can each play a different role in exposing retailers to cyber threats. When compared to other industries, retail is heavily focused on compliance. Most cybersecurity spending is tied to the Payment Card Industry (PCI) standards for protection of credit card data, but checkbox compliance is not risk management, and attackers have clearly shifted their tactics.
When it comes to cybersecurity in retail, it’s always busy season. So how can retailers keep their networks, e-Commerce sites and mobile platforms secure over the holidays and into the New Year?
The Evolving Hacker Landscape
76% of breaches in the past year were financially motivated, and credit card numbers are only one part of the personal data retailers track that cybercriminals can turn into money. The shelf life of credit card data is short, but if it’s compromised and used quickly, a cybercriminal can inflict a lot of damage through underhanded tactics such as gift card and returns fraud.
PCI is the most widely used standard for regulating financial data, but it does not govern names, addresses, and purchases. As a result, cybercriminals often bypass PCI-protected data in favor of personally identifiable information (PII), because it is a much softer target that can be leveraged to exploit loyalty programs or carry out online fraud. For retailers, reputation, brand trust and sales are all potentially at risk.
The Risks And Realities Of Digital Transformation
In the midst of these attacks, the retail industry is experiencing a rapid pace of digital transformation, highlighted by the Internet of Things (IoT). Thousands of connected devices now perform transactions, move supply chains and manufacture goods — creating a vulnerable attack surface. Compromise of even a single network-connected device — from in-store point-of-sale systems to employee mobile devices — can open a virtual “point of entry” into the network for hackers to inject ransomware, unleash denial-of-service attacks or steal data. With mobile and IoT usage on the rise from manufacturing and storage to sales and shipping, the risk only grows if these devices are left unprotected.
What Can Retailers Do To Protect Themselves And Their Customers?
Web servers, POS systems, IoT and mobile devices each have their own identities that must be secured on a massive scale in order to effectively thwart hackers. Accordingly, effective digital identity management enables retailers to secure access to business-critical data and devices, strengthen PCI compliance and adopt digital transformation without compromise to consumers. Here are some baseline strategies that retailers can use to reinforce their digital identity management:
· Scan your web site for vulnerabilities: Look for holes at your domain provider to gauge where data could be exposed. Frequently, retail web sites expose administrative portals, which are then accessible to the public and increase the risk of potential data leaks. Additionally, make sure that you have a password policy in place so that employees don’t keep using default settings that can be monitored and hacked.
· Audit your current roster of digital certificates: Expired keys and certificates can quickly cause the same problem that hackers cause and that retailers aim to avoid: system outages. As a precaution, it is important to know where you stand with updating your certificates in order to maintain your identity and prevent a breach of customer information.
· Integrate automation into your digital identity management: Automating your digital identity management process can and will help retailers get ahead in cyber warfare. Retailers will be able to secure keys and certificates at the speed and scale required, which in turn will make it more difficult for hackers to break in.
Kevin von Keyserling is CEO and Co-Founder at Keyfactor. In this role, he is responsible for company operations and oversees Keyfactor’s organic and acquisition growth strategy. As a member of the Keyfactor leadership team, von Keyserling is the chief steward of company culture. Building on the company’s culture of success, he authored the “Ten Principles of Leadership.” These principles shape the people, concepts and values that prevail and define what it’s like to work at Keyfactor. Of the 10 principles, his favorite is creating a learning environment. This principle helps individuals achieve their full potential.