Australia’s end-of-year shopping season is expected to be frantic, with Finder suggesting Australians will collectively spend $23.9 billion this festive season. That’s $6.6 billion more than last Christmas!
As spending continues to rise, so does cybercrime, with dramatic consequences.
Retail remains one of the least protected industries against malicious actors. Thales’ Cloud Security Study identifies that 44 percent of retailers have been hit by ransomware in the past year, higher than any other industry.
Encouragingly, this is not because of a lack of investment in cybersecurity, but rather because of a gap in where protection is most needed today.
Digital identities: cyber frontier for the next decade of retail
The pandemic has increased the adoption of cloud, remote working, and online shopping, pushing security perimeters beyond physical walls.
Retailers now operate in a completely ‘perimeter-less’ environment where employees, customers and partners can gain access to applications and systems using a digital identity.
Digital identities – and the credentials that protect them – define how we work, live, and now also shop.
Every time someone attempts to connect to an organisation’s system, their digital identity needs to be verified and approved as safe and legitimate through appropriate levels of authorisation.
Addressing retailers’ weakest link: humans
As the OAIC pointed out in its data breaches report, human error remains a major source of breaches.
This is worrying considering the retail industry’s struggle to retain staff and its heavy reliance on temporary and part-time workers. While retail is one of Australia’s largest employers, it has an average turnover of 41 percent each year, replacing staff every nine months, compared to the national average of just 16 percent.
This makes security and authentication extra challenging, with more third-party devices and digital identities to deal with.
Retailers can’t rely on traditional training and re-training to keep staff on top of security best practice. Instead, the emphasis needs to be put on cost-effective, highly intuitive and easy-to-use tools that can be easily taken away from outgoing employees.
Stronger Identity and Access Management, wrapped in a Zero Trust approach
Protecting thousands, if not millions, of digital identities is complex.
Retailers often end up with multiple solutions across departments while groups of users require varying levels of access. This leads to disparate authentication systems and strategies, leaving glaring gaps through which hackers can sneak in undetected.
The first step towards better protecting digital identities is to adopt a ‘trust no one, verify everywhere’ mentality and Zero Trust approach, where only authorised and authenticated individuals can gain access to online systems, corporate assets and data.
The second step is to remove, not add, complexity. This comes down to the type of Identity and Access Management (IAM) policy and solutions in use.
What to look for?
Retailers need to move to a more comprehensive Access Management strategy with an identity-centric, layered approach at its core.
Smart Single Sign On policies that provide frictionless authentication and passwordless identities while allowing access to multiple applications have proven the most helpful.
These policies, which include FIDO, One Time Password, and more, allow any unusual activity concerning a digital identity (a suspicious time of day, device, geography, network or other) to be questioned and the identity revalidated.
It sounds simple, but there are so many solutions available on the market that it is challenging not to end up with disparate systems that create more complexity for IT teams, staff, customers and partners.
Instead, retailers want to look at one single, integrated platform that offers:
- Ease of use. This should be the number one priority to overcome the limitations imposed by high attrition and low retention rates in the retail industry. Select one single IAM platform, rather than combining solutions from various providers. This will help make things simpler, provide seamless access for everyone and reduce potential security gaps.
- Breadth of identification strategy options. This is extremely important when you consider the wide range of users that transit through retailers’ systems, all requiring different levels of authentication and access. Passwordless options include Two-Factor Authentication (2FA), Multi-Factor Authentication (MFA), Single Sign On (SSO) and more.
- Ability to deploy multiple authenticators. This will help suit multiple user profiles within the same organisation.
With the right IAM platform, retailers can better safeguard the confidentiality, integrity and availability of their key assets and data, both in the cloud and on-premises.
Most importantly, adopting a Zero Trust mindset and a strong IAM platform will enable retailers to protect the privacy of their customers’ data, and remain compliant with the growing regulatory landscape so they can end 2021 with a bang rather than a breach!