Women’s activewear brand and retailer Lorna Jane is one of a growing number of retailers recognising the need to better understand and protect against cybersecurity threats, joining services with cybersecurity solutions provider Sekuro to develop its cyber-resilience profile.
“Operating at the intersection of the digital technologies and cybersecurity industries, Sekuro reduces cyber risk while new technologies are adopted,” Sekuro CMO Nick Flude tells Power Retail, “Ultimately building business resiliency and enabling innovation.”
For Lorna Jane, the embrace of a more resilient cybersecurity profile came as a result of recognising gaps in the brand’s visibility when assessing its own online presence. Having only a small IT team of six people servicing more than 1200 employees, on top of the activewear brand’s shopfront, online and warehousing assets, the opportunities for Lorna Jane’s team to effectively understand the cyber landscape around them risked falling by the wayside.
The change was further motivated by the rapid growth for the brand’s online sales as a result of COVID and changed consumer habits, driving online sales but also simultaneously increasing the brand’s cyber risk, all while reinforcing the importance for the retailer to both embrace and better understand the technology now increasingly at the forefront of their operations.
“As the online presence of retailers has expanded, particularly during the pandemic, so have their attack surfaces,” says Flude, “Sophos found that retail, together with education, was the sector most hit by ransomware in 2020.”
Increasing the focus towards online and cybersecurity, Lorna Jane suggests, was about a lot more than just downloading the right softwares – it required a culture change.
“We needed to get to a place where cyber security was not just an ‘IT’ thing, but rather, part of the organisational culture of Lorna Jane,” says Darryl Roberts, Group IT Manager at Lorna Jane.
The answer for Lorna Jane was not only to tap into the expertise and insights of cybersecurity specialists Sekuro, but also to adopt a ‘Zero Trust security framework’ viewed as one of the single most effective cybersecurity strategies and solutions – particularly for retailers. Such a ‘Zero Trust’ framework is one that operates largely as it suggests on the tin, so to speak, embrace a concept wherein no person, device, object or connection will be trusted until such a time as it is proven that it should be.
The strategy is one that is as dynamic as it is effective, compelling organisations adopting the strategy to ensure that they are frequently assessing and reassessing the safety of their cyber frameworks and the trustworthiness of those accessing it. For Lorna Jane, implementing the strategy took the form of an ‘alliance’ of cyber security software processes to build the most effective ‘Zero Trust’ cybersecurity profile.
This alliance, chiefly overseen by the expertise of the team at Sekuro, took in such services as that provided by digital identity platform Okta, data loss prevention and risk insights provider Netskope, and general cybersecurity profile management experts Crowdstrike. The comprehensive alliance and overall strategy is necessary, Sekuro suggests, to best protect retailers like Lorna Jane against the kinds of cyber threats and risks that have grown rapidly in recent years.
“An area we’ve seen a lot of growth in is merchant fraud. This is where a customer’s bank card or even entire identity can be stolen by targeted attacks, and it can impact any business taking card payments, making retailers a prime target,” says Nick Flude, “Other common attacks we’re seeing against retailers include credential phishing and malware attacks.”
Another element of Sekuro’s participation in the cybersecurity strategising for Lorna Jane is the annual conduction of penetration tests, essentially the proactive testing of an organisation’s cybersecurity through a series of tests and probes designed to identify potential exposed risks and weaknesses in order to introduce fixes before a hostile cybersecurity threat can find the same weaknesses to exploit them.
It is a basic but crucial and effective cybersecurity strategy, and one that telecommunications giant Optus could have utilised to avoid the same kinds of cyberattacks as that which they recently suffered.
“The Optus breach should come as a wake-up call to all retailers. Whilst the circumstances and severity of each attack will differ, this could happen to any organisation – it’s no longer an if, but a when and to what extent,” Flude says, “We need to stop waiting for attacks to “learn our lessons” and take proactive steps to build resilient organisations. Retailers are a high-value target, with most storing personal information including physical addresses and banking details of their customers.”
Ultimately, the example of Lorna Jane in so proactively seeking to safeguard their online presence is one all retailers would do well to learn from, not only seeking to build on their cybersecurity profiles with the assistance of experts and innovative technologies but further seeking to introduce cybersecurity awareness as a cornerstone of the brand’s workplace culture. This has manifested in training opportunities for Lorna Jane employees to develop their own cybersecurity expertise, an asset in such high demand within the retail industry that it almost acts as a kind of double edged sword.
“Once we train someone up, they suddenly become attractive to another company,” Lorna Jane Group IT Manager Darryl Roberts explains, “Having Sekuro on board means its team is there to not only implement the technology roadmap but also as a recruitment tool to help us out.”
The full picture of the strategy, Sekuro asserts, is one that puts Lorna Jane in a more secure and ultimately profitable position than it had been before. Or as Flude concludes, “By embedding a Zero Trust approach into the organisation, Lorna Jane has taken significant steps to ensure its systems are best practice, compliant, and secure from outside threats.”
With October marking Cyber Security Awareness Month, Power Retail will be continuing the story of cybersecurity, threats to the Retail industry and how businesses can prepare and safeguard themselves in the week ahead. This article is the third part of this mini-series, stay up to date as we look to conclude our dive into the world of cyber solutions and protections for retailers by subscribing to Power Retail’s newsletter today.