Australian shoppers have been shifting online for years, and the pandemic has only heightened the trend. E-commerce and digital operations are clearly here to stay. But this comes with heightened exposure to cybercrime and digital identity protection challenges.
The Australian Cyber Security Centre just revealed a 13 percent increase in online crimes last year, with fraud and online shopping scams topping the list. Business Australia also warned that a small business is a victim of a ransomware attack every 11 seconds!
This, combined with regulatory requirements including the PCI DSS guidelines, is making the protection of identities and the management of access more important than ever.
I recently shared in Power Retail that with each new digital identity comes a potential security gap.
As the cybercrime landscape continues to evolve in 2022, it is critical retailers strengthen their Identity and Access Management (IAM) strategies.
What’s in Retailers’ Cyber Threat Cart for 2022?
1. The ‘Business as Usual’ Mentality Could be the Biggest Risk of All
While industry-wide digitisation and the rapid e-commerce boom are helping retailers work towards a ‘business as usual’ reality, there is no such thing in a cybercriminal’s world.
Hackers will exploit any weakness, and they know that when things go ‘back to normal’, companies are likely to drop their cybersecurity guard.
2. Deep Fake AI Will Gain in Popularity
Deepfake technology is now so sophisticated that cybercriminals are carrying out very advanced attacks.
Using AI, they can, for example, clone the voices of and impersonate CEOs and key leaders of high-profile organisations to access critical resources such as bank accounts and sensitive data.
Big retail brands are expected to be a prime target in 2022.
3. Ransomware Attacks Will Continue to Grow Across Personal and Enterprise Networks
Worryingly, anyone today can become a cyber ransom actor and carry out complex, sophisticated threats.
As workforces have become increasingly mobile and as retailers’ digital networks have expanded, there will be more opportunistic attacks where criminals take advantage of unpatched systems and security gaps.
Three Ways to Design a Successful Identity & Access Management Strategy
1. Build a Company-Wide Zero Trust Mindset
A Zero Trust model views trust as a vulnerability: any user or device looking to access confidential data cannot and should not be trusted by default.
Implementing a ‘trust no one, verify everyone’ mindset is a strategic, initiative-based security measure that requires strict and continuous identity verification and control of access to data, systems, and applications.
For it to be effective, it also needs to consider that the strategies implemented to verify may also fail. Therefore, it is important to implement a Zero Trust strategy based on a multi-layered security framework.
2. A Collaborative Approach Involving Business Leaders
Company leaders have a responsibility to make Zero Trust a business priority and a company-wide mindset.
They should work closely with IT teams to identify who should get access to company data, which applications are the most critical, and who requires different levels of access and authentication controls.
Greater collaboration will lead to retailers’ IAM strategy evolving alongside the business as it changes and grows.
Finally, leaders have a responsibility to help educate their workforce – from the physical retail shops to the corporate head office – about the importance of securing digital identities.
3. A Platform Approach Allowing for Multiple Authentication Journeys
Whether it is staff, customers or partners, retailers have hundreds, oftentimes thousands, of users trying to access the organisation’s systems and applications every day, all needing their digital identities verified and authenticated.
But many retailers have invested in multiple authentication solutions over the years to address changing needs and security requirements, which has created extra complexity and unnecessary costs.
IAM architectures need to evolve to make it easy to manage and implement all digital identities, processes, and technologies knowing that each requires different authentication journeys.
Rather than implementing multiple solutions and vendors, consider opting for a platform approach that includes a wide range of security and access management controls (two-factor authentication, encryption, key management, etc.).
Some Australian retailers are already leading the way: Specsavers has worked with Thales to set up a comprehensive two-factor authentication strategy designed to keep its remote workforce safe and meet the needs of its rapidly growing business.
As we enter 2022, digital identities need to be put at the heart of cybersecurity priorities. Implementing a Zero Trust mindset and a strong IAM strategy means retailers can continue capitalising on the e-commerce boom and digitising operations without risking major security gaps – and business losses.
For more information about how you can kick-start or improve your digital identities protection journey, please visit Thales Cloud Protection & Licensing (CPL)’s website or get in touch with one of Thales’ experts today.