Intelligent CIO North America Issue 16 | Page 83

FINAL WORD
Advanced Persistent Threats ( APT ) persevere
As retailers continue to adopt cloud strategies , they increase their digital footprint , expanding their attack surface . However , with the increased complexity of the IT stack comes the struggle to achieve secure access . Retail IT teams often manage large networks across geographically distributed branch locations . This complexity , combined with the data they store , transmit and collect , makes retailers attractive targets for cybercriminals .
The retail industry has always been a fertile ground for collecting personal data . Cardholder data , in particular , provides a rich set of information such as cardholder name , primary account number and CVV . Malicious actors use stolen credentials to gain access to these systems and networks , disguise themselves as authorized users and harvest data .
In the second half of 2020 , malicious actors persevered , increasing their APT activity . Also noted in the latest FortiGuard Labs Global Threat Landscape
Report is that APT groups sought to gather personal information in bulk . One example of this is the MUMMY SPIDER group , which distributed a new version of their malware through email in the hopes of stealing account credentials and moving laterally across local networks .
Cybersecurity strategies for retailers in an evolving threat landscape
Digital Transformation became a mission-critical strategy . One example is the investment in contactless transaction technologies as a means to prevent the spread of COVID-19 . According to Fortinet ’ s Retail Security & COVID-19 Industry Survey 2020 Trend
Report , 58 % of businesses surveyed indicated that they adopted contactless transactions .
While contactless transaction technologies have protected physical health , they have also created new cybersecurity hygiene risks . This is underscored by research from the latest FortiGuard Labs Global Threat Landscape Report , which noted the prevalence of IoTbased IPS detections throughout 2020 .
Many contactless payment technologies use IoT to process payments faster and reduce consumer friction . But this can often lead to more issues down the line . For example , when customers choose to pay for an item by tapping their smartwatch screens , they add a new , often insecure , technology at the point of sale , opening a new door for potential cyberthreats .
As retailers respond to this new digitally-transformed business model , they need to lay the groundwork early on to prevent cyberattacks that can negatively impact reputation and revenue . This defense strategy should involve the following elements .
As retailers respond to this new digitally-transformed business model , they need to lay the groundwork early on to prevent cyberattacks that can negatively impact reputation and revenue . This defense strategy should involve the following elements .
Begin with a Secure SD-WAN
Retailers must mature cloud security more rapidly in an increasingly complex IT stack that includes internal and external-facing applications . Software-defined widearea network ( SD-WAN ) solutions can help provide additional flexibility and allow for more rapid architecture changes to support business requirements , but they often complicate ( or lack ) integrated security .
The challenge this creates is that retailers are either forced to add additional complexity via security bolt-
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 83