
Keeping Customers’ Digital Identities Safe This Holiday Season

By Kevin von Keyserling, Keyfactor

As the retail industry gets underway for this year’s holiday season, it’s expected
that hackers will follow suit. In fact, 80% to 90%
of login attempts made to online retailers’ web sites are hackers using stolen
data — the highest percentage of any industry.

Widespread coverage of major data breaches, including Amazon’s recent exposure
of user emails, demonstrates that retailers struggle to keep pace with evolving
threats. Multi-channel commerce, personal and credit card data and third-party
partnerships can each play a different role in exposing retailers to cyber
threats. When compared to
other industries, retail is heavily focused on compliance. Most cybersecurity spending
is tied to the Payment Card Industry (PCI) standards for protection of credit
card data, but checkbox compliance is not risk management and attackers have
clearly shifted their tactics.

When it comes to cybersecurity in retail, it’s always busy season. So how can retailers
keep their networks, e-Commerce sites and mobile platforms secure over the
holidays and into the New Year?

The Evolving Hacker Landscape

76% of breaches in the past year were
financially motivated, and credit card numbers are only part of the personal
data that retailers track that can lead to monetary rewards for cybercriminals.
The shelf life of credit card data is short, but if it’s compromised and used
quickly, a cybercriminal can inflict a lot of damage through underhanded tactics
such as gift card and returns fraud.

PCI compliance is the most widely used standard for regulating financial data, but it
does not govern names, addresses, and purchases. As a result, cybercriminals
often bypass PCI-protected data in favor of personally identifiable information
(PII), because it is a much softer target that can be leveraged to exploit
loyalty programs or carry out online fraud. For retailers, reputation, brand
trust and sales are all potentially at risk.

The Risks And Realities Of Digital Transformation

In the midst of these attacks, the retail industry is experiencing a rapid pace of digital
transformation, highlighted by the Internet of Things (IoT). Thousands of
connected devices now perform transactions, move supply chains and manufacture
goods — creating a vulnerable attack surface. Compromise of even a single network-connected
device — from in-store point-of-sale systems to employee mobile devices — can
open a virtual “point of entry” into the network for hackers to inject ransomware,
unleash denial-of-service attacks or steal data. With mobile and IoT usage on
the rise from manufacturing and storage to sales and shipping, the risk only grows
if left unprotected.

What Can Retailers Do To Protect Themselves And Their Customers?

Web servers, POS systems, IoT and mobile devices each have their own identities that must be
secured on a massive scale in order to effectively thwart hackers. Accordingly,
effective digital identity management enables retailers to secure access to
business-critical data and devices, strengthen PCI compliance and adopt digital
transformation without compromise to consumers. Here are some baseline
strategies that retailers can utilize to reinforce their digital identity
management:

· Scan your web site for vulnerabilities: Look for holes on your domain provider in order to
gauge where data could be exposed. Frequently, retail web sites expose
administrative portals that are accessible to the public, which increases the
risk of potential data leaks. Additionally, make sure that you have a password
policy in place so that employees don’t keep using default settings that can be
monitored and hacked.

· Audit your current roster of digital certificates: Expired keys and certificates can
quickly lead to the same problem caused by hackers that retailers aim to avoid:
system outages. As a precaution, it is important to know where you stand with
updating your certificates in order to maintain your identity and prevent a
breach of customer information.

· Integrate automation into your digital identity management: Automating your digital identity
management process can and will help retailers get ahead in cyber warfare.
Retailers will be able to secure keys and certificates at the speed and scale
required, which in turn will make it more difficult for hackers to penetrate
their systems.


Kevin von Keyserling is CEO and Co-Founder at Keyfactor. In this role, he is
responsible for company operations and oversees Keyfactor’s organic and
acquisition growth strategy. As a member of the Keyfactor leadership team, von
Keyserling is the chief steward of company culture. Building on the company’s
culture of success, he authored the “Ten Principles of Leadership.” These
principles shape the people, concepts and values that prevail and define what
it’s like to work at Keyfactor. Of the 10 principles, his favorite is creating
a learning environment. This principle helps individuals achieve their full
potential.
