What does a hacker look like? Do you envision someone with a hoodie on in a dark room bent over a keyboard? That may be the image that circulated for years, but as the National Retail Federation (NRF) noted, hackers are often highly organized crime groups whose job is to make money. And its big business––with retailers of all sizes becoming targets. In fact, two out of three companies in the retail sector reported being attacked by ransomware in 2022.
Criminal organizations responsible for these attacks are typically made up of teams of bad actors who band together. Some teams of hackers specialize in infiltrating networks and selling that network access to other teams, like ransomware “experts,” who monetize that access––extorting businesses for financial gain. Other teams specialize in selling stolen data, particularly Personally Identifiable Information (PII) that can be used for fraud and theft. Collectively, their efforts wreak havoc and cause significant damage to enterprises and individuals alike.
If it takes a team of “experts” to deploy ransomware, how can a retailer mount an equally organized response and level of effort to protect their networks? That was a common question across multiple sessions at this year’s NRF Protect event, a conference dedicated to bringing cross-functional retail teams together to address loss prevention, asset protection, digital fraud and cybersecurity.
Based on presentations and hallway discussions at NRF Protect, the answer to that question can be summed up with these four strategies for safeguarding the retailer’s network:
- Deploy solid cyber defenses before you are asked to pay ransom. Retailers are sometimes reluctant to invest fully in their cyber defenses, preferring to apply available funds to other business initiatives. Industry experts at NRF Protect encouraged retailers to invest in defending their networks upfront to reduce their risk of being victimized and potentially paying more in the end.
- Recognize that cybersecurity is a business enabler and competitive advantage. Gone are the days when security was a sunken cost. Businesses can no longer expect to operate long term without it. And consumers today want to know that retailers protect their data. Having strong cyber defenses not only enables business continuity, but it also offers a competitive advantage against those who do not adequately protect their networks or their customers’ personally identifiable information (PII).
- Consider deploying your own team of experts. Regardless of whether a retailer has skilled resources in house, they can significantly expand capabilities and improve their ability to protect the network by accessing the expertise of a Managed Cybersecurity Service Provider (MSSP) like Hughes. Speakers at NRF Protect stressed that because the attack landscape is getting worse, not better, outsourcing the monitoring and management of security devices and network systems to an MSSP can enable retailers to mobilize more robust teams, strategies and technologies to combat relentless daily threats.
- Join forces within your industry. Because cyber criminals are sophisticated and aggressive and the landscape so volatile, staunch competitors and big brands are now banding together to help one another by sharing information about vulnerabilities, breach experiences and cybersecurity strategies. As they learn from one another, they are advancing their individual efforts and those of the entire industry, helping to make everyone less susceptible to attacks. Small to medium-sized retailers are advised to do the same and to work closely together to increase their knowledge and understanding of what’s happening in their sector and to their fellow businesses.
Ultimately, the message at NRF Protect was that retailers small and large don’t have to go it alone when it comes to fighting cybercrime. By leveraging the collective strengths of industry, each other and MSSPs, they can mount organized cyber defenses to support continuity of operations, safeguard customer data and position their brands to thrive long-term.
Learn more about the Hughes suite of Managed Cybersecurity Services, including Managed SASE, Managed UTM and Managed Firewall.