4 key strategies for the retail industry to fend off rising cybersecurity risks


Retailers are facing a more challenging cybersecurity environment than ever, according to a new study, Cybersecurity solutions for a riskier world. With physical and digital worlds colliding, greater levels of regulation, and more savvy cybercriminals, executives agree that we have entered a new era of cyber risk. 

In fact, 30% of retailers say they are not prepared for the threats ahead.

In response to these changes, the role of the retail CISO is expanding. With physical and digital shopping experiences melding, POS systems and e-commerce technology advancing, and cyberattacks, malware, ransomware, and credit card fraud multiplying, CISOs must take on a broader remit that spans functions across the enterprise. 

Here are four tactics successful CISOs and other security professionals are implementing to protect today’s hyper-connected enterprise.


1) Tighten up supply chain vulnerabilities 

As companies morph into retail ecosystems of partners and vendors, mitigating supply chain risk will become vital and more challenging. According to the ThoughtLab report, supply chain and ecosystem losses that resulted in disruption and higher costs were the main impacts of the most significant breaches experienced by the retail industry. 

Retailers that are still struggling to get these risks under control must look toward turning third-party risk management into a best practice. The National Institute of Standards and Technology (NIST) framework prescribes that organizations take several steps to secure supply chains, improve third-party risk management processes, and run routine supply chain audits and tests. The study's research reveals that organizations in advanced stages of supply chain maturity under the NIST framework can detect, respond to, and mitigate breaches faster.

An improved response time is important, especially in the wake of recent data breaches. Supply chain risk management has emerged as a significant priority for CISOs, as 38% of respondents see the CISOs of their organizations taking on a growing responsibility for vendor, third-party, and supply chain management. The good news for retailers is that 59% of retail executives are confident they've successfully managed supply chain risks — the highest across any industry.


"Supply chain attacks are getting very common these days. We are identifying and protecting all the vulnerable resources to mitigate these risks."

C-level executive, Australian e-commerce firm

For those who are behind the curve, a good first step is to create a better process for enabling suppliers to understand your security processes. As Steve Durbin, CEO of Information Security Forum, explained when interviewed for the ThoughtLab study, "If you want your supplier firms to be more secure, you need to show them how."

2) Harden attack surfaces for retailer Internet of Things (IoT)

The convergence of IT (information technology) and OT (operational technology) is an ongoing trend across industries. Unfortunately for many organizations, these two disciplines rely on processes, systems, and technologies that have operated in isolation. As the linkage between the two becomes stronger, cybersecurity professionals must keep a closer eye on the embedded risks.

According to the survey, 25% of respondents and 34% of CSOs believe that the convergence of digital and physical systems, enabled by IoT technology, has increased their organization's exposure to cyber risks. Additionally, many companies have struggled to make investments in IoT security, citing the complexity of OT vulnerability management, unsecured older devices, and the sprawl of legacy systems.

According to the analysis by ThoughtLab, prioritizing the protection of interconnected IT and OT assets leads to improved cybersecurity performance. In fact, 35% of organizations with no material breaches have invested in prioritizing the protection of these interlinked assets versus 25% of those with multiple breaches. Retailers, in particular, are doubling down on these initiatives, with 44% of respondents planning significant investments in IT and OT asset protection over the next two years — more than any other industry.

Additionally, many executives are already fully invested in delivering programs to ensure IT and OT security. For example, one survey respondent stated that a more effective and recent cyber risk initiative had been "detecting OT and IT network interdependencies and implementing workaround or manual controls to ensure that ICS networks are disconnected if the connections affect the safety and dependability of OT operations." This highlights just how crucial it is for organizations to keep risk management top of mind when depending on these connections.

3) Upskill teams to clamp down on material breaches

Material breaches — those generating a large loss, compromising many records, or having a significant impact on business operations — rose by 24.5% across industries in 2021. Retailers experienced the most significant number of material breaches in 2021, with survey respondents averaging more than one material breach at their company per year. These breaches led to severe impacts, such as direct financial losses, business and supply chain disruptions, reputational losses, and other negative consequences.

In addition, 56% of retailers stated that the most significant breach their organization had over the past two years was due to human error — this was by far the most common reason. Consequently, inadequate cybersecurity training was cited as a considerable difficulty in retail, with 31% of executives looking at that area as a challenge for their companies. 

This signals the need to evolve and drive further education on business and cybersecurity best practices. Investing more in adequate employee training and strengthening understanding of processes and common cyber risks can ultimately reduce the frequency and severity of breaches.

4) Invest in SIEM to improve response to data breaches

Based on the survey findings, 46% of retailers are looking to replace or augment their current security information and event management (SIEM) strategy. Even more surprising, 28% of retailers said the most significant investment they plan to make in the next two years would be within SIEM. This focus on SIEM is a critical investment, given that, according to the survey, it still takes retailers an average of 125 days to detect a data breach and 55 days to mitigate the impacts. Upgrading their SIEM can help reduce vulnerabilities and potentially limit data breaches.

As retailers gain maturity on their cloud journey and look to take advantage of cloud agility and scalability, they must keep pace with modern security best practices and technology. As Mandy Andress (CISO at Elastic) states, "One big trend driving SIEM replacement is the cloud. As workloads migrate to the cloud, monitoring cloud deployments becomes essential to the business. Some older SIEMs needed a lot of care. Today's IT environments provide a firehose of data. While traditional SIEMs can ingest a lot of data, they don't always embed advanced analytics; it could take hours or days to analyze that data, which impacts the ability to investigate suspicious activity quickly."

Download the full report 

Those are several key takeaways from the cybersecurity benchmark study, but we encourage you to download the full report, Cybersecurity solutions for a riskier world, and share it with your team. Like ThoughtLab, we hope this robust cybersecurity analysis will make an important contribution to the world by helping retailers and business leaders optimize their cybersecurity resources to succeed in today’s new era of risk.
