Retail Cyber Security

No other industry sector is in the public eye more than the retail sector, and cyberattacks are the fastest-growing crime in the U.S., increasing in size, sophistication, and cost. Last year, the number of U.S. breaches rose by more than 44% over 2016 and 102% over 2015. The retail sector provides a unique store of customer data, from credit card information to personally identifiable information (PII), and continues to be one of the most attractive and vulnerable targets for cybercriminals. These cybercriminals seek to obtain financial and other customer data that they can monetize; they target point-of-sale (PoS) systems, e-commerce sites, mobile applications and customer databases to obtain stored financial data, PII, and the like. The types of cyberattacks used to perpetrate crimes against the retail sector fall into various categories, such as hacking (use of stolen credit cards), malware, ransomware, phishing and distributed denial-of-service (DDoS) attacks. Retailers find themselves in an environment where they must compete to keep customers while defending themselves against these ever-evolving cyberattacks. Additionally, Advanced Persistent Threat (APT) actors aiming to gain a competitive edge over their competition may seek to understand supply chains and manufacturing processes in order to copy processes or identify weaknesses.

Regulatory Obligations and Industry Standards for the Retail Sector 

The Payment Card Industry Data Security Standard (PCI DSS) was developed jointly by American Express, Visa, MasterCard, Discover and JCB. It requires the use of firewalls, data encryption, monitoring and other controls to ensure confidential information stays safe. While meeting PCI DSS standards is essential, organizations today must adopt more flexible and forward-thinking SIEM solutions if they wish to avoid liability and manage risk, particularly when working in the cloud. Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners, or face penalties for not doing so.


Fortalice’s Expertise in the Retail Sector

Many different categories of retail companies across the country entrust the Fortalice team to provide their cybersecurity services. Our dedicated support for these retail organizations ranges from innovative penetration testing, risk assessments, cyber intelligence assessments, forensics, incident response, M&A due diligence, threat monitoring for VIPs and/or board members, social media account takeover, hijacked devices, and extortion demands to the design and review of secure technology infrastructures.

At Fortalice, we step out from the standard regulatory approach to look closely at the efficacy of security. We look not just at the organization’s compliance, but at whether the right controls are in place and whether they are actually working. Our team works creatively to stop bad things from happening, help you recover quickly if an incident should occur, and get to the heart of the matter to protect you. While many of our cyber risk client engagements are initially project focused, once the relationship is established, our customers come back to us as long-term trusted clients for the ongoing myriad of emerging cybersecurity issues that they face.
