SmartStateIndia
Experts View

Are Retailers in India Cyber-Ready this Festive Season?

Kartik Shahani

By: Mr. Kartik Shahani, Country Manager, Tenable India

A key theme that emerged from the Retail Technology Conclave 2020 last week is that retailers in India need to accelerate their digital efforts to keep up with changing shopping behaviours of consumers. While the trend of online shopping isn’t new, the acceleration of digital capabilities brought upon by the recent health crisis is unprecedented and one that isn’t going away anytime soon. Indeed, with millions of Indians expected to do their shopping with a number of festivals fast approaching, retailers will be making the necessary online preparations to entice consumers.

However, the retail industry has been the target of some of the highest-profile data breaches in recent years. Point-of-sale systems, in-store mobile devices and the rise of e-commerce platforms have expanded the modern attack surface creating new opportunities for cyber attackers to get their hands on valuable customer data. Consumer personal identity and financial information promise enticing rewards for cybercriminals, who employ savvy schemes to steal and monetise these lucrative data assets for maximum profitability.

To understand the enormity of data breaches of online retailers, one only has to read about “Keeper” Magecart group. The group of cybercriminals who broke into at least 570 e-commerce stores in 55 countries, including India since 2017, and leaked information on more than 184,000 stolen credit cards and generated over $7 million (over Rs 52 crore) from selling compromised payment cards.

To prevent suffering a similar fate, retailers, especially those that have recently shifted their presence online have a duty of care to protect customer privacy and relationships by continuously building and maintaining trust. Retailers are expected to prevent data theft and fraud while simultaneously offering customised shopping experiences.

A few timely steps taken by online retailers to secure their infrastructure can make a big difference in reducing cyber risk.

You snooze, you lose

The focus for most retail organisations is on uptime, performance, throughput and availability to optimise retail transactions. A broken website during one of the biggest shopping periods of the year is any retailer’s worst nightmare. However, timely patching and other security-related updates shouldn’t fall by the wayside.

This is especially true as the number of vulnerabilities continues to grow in volume and pace. A vulnerability that impacts business-critical assets is the unwanted surprise no security team wishes for and failure to mitigate those that pose the greatest risk to an organisation could compromise business operations entirely.

Effective vulnerability prioritisation using a blend of threat intelligence and analytics is a critical and strategic business imperative for reducing cyber risk. For most vulnerabilities, a working exploit is never developed and of those, an even smaller subset are actively weaponised by threat actors, making it difficult to understand which vulnerabilities need to be remediated first. As staff numbers dwindle due to lockdowns and social distancing mandates, the strain on critical security resources makes the need for proactive, risk-based prioritisation even more apparent. Furthermore, already stretched security teams don’t have the time and the business doesn’t have the luxury to guess which vulnerabilities to focus on first.

To manage and measure cyber risk in the digital era, retailers require a holistic view of their computing environment. This will empower them to assess, manage and measure risk across the entirety of their rapidly expanding attack surface. If managed effectively, vulnerability prioritisation can help drastically reduce the number of critical vulnerabilities security teams need to remediate. Effective vulnerability priortisation will reduce cyber risk, increase efficiencies and help to alleviate the strain on security teams.

Adopting best practices to neutralise cyber threats, vigilantly protect consumer data across channels, secure payment card transactions and ensure compliance are crucial priorities for today’s retail sector operating in the new normal. Retailers who fail to take precautionary measures risk major impacts to the bottom line, brand integrity and business continuity.

Related posts

GoI is Moving Ahead With Data Protection Bill, It’s Time to Plan Yours

SSI Bureau

Lessons to Learn from Air India Data Breach

SSI Bureau

Leveraging Transactional Banking for Success in the Proptech Sector

SSI Bureau

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More