An industry under attack: What can retail learn from JD Sports?

assets/files/images/23_02_23/bigstock-hacker-code-in-laptop-cyber-s-450132043.jpg

By Johnny Carpenter, General Manager, EMEA at 11:11 Systems.

Over the past 20 years, the explosive growth of data created and held by organisations means it has only risen in value. In fact, around 85% of organisations see data as one of their most valuable assets, making it arguably the world’s most prized commodity.

Unfortunately, businesses are not alone in making this assessment. Large scale customer breaches are becoming increasingly common, and with complex and sprawling digital estates storing large amounts of customers’ personal and financial information, retail is a prime target.

The recent attack on JD Sports, in which cybercriminals accessed the data of over 10 million customers, is a sobering sign for the wider industry to take notice and bolster its data protection strategies. 

The initial financial and reputational damage to a business following a large breach is now well-known, however victim organisations can continue to suffer from the fallout of regulatory fines and civil lawsuits. JD Sports’ data breach, which includes email addresses, phone numbers and full names, leaves its customers susceptible to highly targeted spear phishing attacks in the months to come, which will no doubt continue to undermine the reputation of this retailer. 

Although JD Sports says it detected the unauthorised access immediately and responded quickly to secure the targeted server, this incident will no doubt contribute to a much wider problem for the industry: according to the Retail Trust Index, 50% of consumers don’t feel retail brands are doing enough to protect their online data. 

So, what can retail organisations do to learn from this incident and gain consumer trust?

Building a cyber security backbone

Firstly, it is important to note that in today’s complex and ever-evolving cyber threat landscape, businesses need to see the spectre of a cyber incident as less of an “if”, and far more of a “when”. With this in mind, it is vital to combine proactive cyber security measures with a robust disaster recovery strategy. 

The NIST framework, created by the National Institute of Standards and Technology, helps organisations of any size and sector improve the cyber security, risk management, and resilience of their systems. Originally intended for critical infrastructure, it is increasingly recognised by governments and organisations as the backbone of a cyber security strategy. 

The framework’s five key functions, Identify, Protect, Detect, Respond, and Recover, each form a primary pillar for a holistic cyber security programme. 

Identification 

No matter where the end user is, vulnerabilities exist. Approximately 55 new vulnerabilities are posted every day, and around 5% - those that can be remotely exploited and have already been weaponised - pose a real and immediate risk. Continuous Risk Scanning provides a view of all assets within a network environment and advises teams to focus on the vulnerabilities that most put those assets at risk.  

Protection 

Data today lives everywhere. Enabling secure connectivity and managing it ‘where it exists’ – across multiple sources and devices – is part of the challenge. Implementing managed firewalls will relieve security professionals from having to maintain the rule sets at the entry point to the network and ensure network security. 

In complex environments, CISOs need constant network visibility to monitor traffic behaviour, incorporating different data sources and identifying what is good and bad traffic. From here, intrusion prevention, network anti-virus and SDWAN solutions provide safety to all users in real-time whilst ensuring seamless, secure connectivity. 

Detection  

With more apps, more data, more locations, and more remote users every day, alert fatigue is a real problem in any IT team. 

Managed SIEM solutions allow security professionals to log cyber events and aggregate the details into an actionable format. It is vital in these events to react quickly, and SIEM provides valuable insights in the heat of the incident to identify the source of a breach and how to prevent further damage.  

Response 

In remote and hybrid environments, there is no shortage of attack vendors. The end user is the biggest vulnerability in any network environment and education is important. But the risk still exists, no matter how much training is given. Managed Endpoint Detection and Response (EDR) provides endpoint security to quickly identify and stop abnormal behaviours.

Recovery 

Even without a data breach, unplanned downtime can result in irrecoverable, long-term damage to the organisation, customers, and reputation. In late 2022, one of the UK’s largest car dealer networks, Arnold Clark, suffered a ransomware attack that locked staff out of their systems. Occurring in the run up to Christmas, the extended downtime impacted revenue during a key sales period, as the dealer was unable to complete handovers of new vehicles.   

Effective recovery requires proactive data backup and replication. Clear disaster recovery strategies need to be implemented across an organisation, and backups tested regularly, allowing businesses to failover and resume operations even during a cyber incident.  

Managing Security Risks

As a vulnerable and valuable industry, retail CIOs and IT leaders are being pushed to address growing security threats, application vulnerabilities, and network weaknesses that can expose their businesses to data breaches. 

Cloud adoption, which is increasingly vital for retail organisations to remain competitive, support scaling workloads and boost network uptime, nevertheless creates increasingly complex estates to defend. For an in-house security team, managing this risk can be difficult and expensive.

Managed security services improve visibility and mitigate cyberattacks, hitting each key pillar of the NIST framework whilst alleviating the pressure on IT teams. 

Unfortunately, large scale cyber incidents show no sign of slowing down in 2023. If there is one lesson to be learnt from the recent attacks on JD Sports, Royal Mail, and MailChimp, it is that investing in proactive, consistent risk monitoring and remediation is a necessity and should be prioritised by every business. For retail organisations, this is not just essential to avoid financial damage and build resiliency: the trust and wellbeing of customers is at stake.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter