When much of the world shut down in response to the COVID-19 pandemic, one sector saw an explosion of activity—online shopping. Without the ability to visit stores in person, consumers had everything from groceries and take-out meals to inflatable swimming pools and lumber delivered to their homes.
Cybercriminals, sensing an opportunity, pounced. A study from cloud computing company Iomart found that large-scale breaches increased 273 percent in the first quarter of 2020. Between May 2020 and May 2021, the FBI reported that the number of cybercrime complaints increased by one million. For comparison purposes, it previously took nearly three years to reach the same number of complaints. In some cases, the number of daily complaints tripled or quadrupled.
Even with in-person shopping reopening in most places, the onslaught of cyberattacks continues. For example, billion-dollar fashion brand Guess reported “unauthorized access” to certain IT systems between Feb. 2, 2021, and Feb. 23, 2021, which led to a breach of Social Security numbers, driver’s license numbers, passport numbers, and financial account numbers. In April, ransomware group DarkSide boasted about the attack, claiming it stole 200GB of data from the merchant.
Retailers are collecting an enormous amount of consumer data, and as that repository grows, it becomes even more attractive to cybercriminals. Additionally, physical stores are full of connected devices, including cash registers, mobile computers, and kiosks, often linked to a wireless LAN. As a result, retailers have been the victims of an increasing amount of malware, ransomware, and phishing attacks that have compromised millions of customers’ data. These attacks also damage retail brands and result in substantial financial losses.
For MSPs with retail clients, the recent spate of ransomware attacks making headlines highlights both their own vulnerabilities and the unique risks in the retail industry, given the large amount of payment and consumer data moving around. So, how can MSPs help these clients remain secure and respond appropriately when there’s a breach? There are a few best practices that can help.
Retail clients should have a data breach plan. When a breach occurs, time is of the essence, both in stopping the attack and alerting customers. Therefore, retailers should have a detailed plan outlining stakeholder responsibilities, attack mitigation strategies, how to recover and restore data, manage the event, report the breach to the public, and notify customers whose data may have been compromised. Additionally, they must identify key personnel in IT, legal, risk compliance, marketing, and other divisions involved in the response. Establishing a plan before a data breach will save time and avoid confusion when an actual attack occurs.
Provide robust backup and data recovery services. A ransomware attack can go from inconvenient to critical if the retailer is unable to recover its data. Make sure that retail clients frequently back up the data in their network and have a recovery plan in place that includes regular testing to ensure that it works.
Help clients with post-attack forensics. Any breach (or breach attempt) should be thoroughly investigated and documented. This process will help retailers provide information to their customers, regulators, or other parties and help adjust the response plan for future incidents. MSPs can also help connect retail clients with forensic specialists to assist with investigations.
Prepare for the post-breach response. Retailers should already have relationships with vendors that can help with the customer response should data be compromised, including mass mailing services, credit reporting services, and response hotlines. There should also be a crisis communication plan. Many companies want to wait until they know all the facts before going public, but this can compound the damage from the breach. Instead, retailers should be as transparent as possible as they work to mitigate the damage, investigate the source of the breach, and help consumers recover.
Provide guidance to retailers for managing, storing, and deleting data. While retailers have gotten better at collecting consumer data, they don’t always follow best practices when storing it or even determining what data they need to keep. Retailers that have been in business for decades may have sensitive customer data stored in legacy systems that don’t meet current security standards. MSPs can help those clients remain secure by mapping current data, evaluating what’s necessary to retain, and ensuring the data is properly protected. Try to minimize the amount of customer data that is stored to the bare minimum. The less data in the system, the less damage a breach will cause.
Help clients with partner due diligence. Retailers also frequently utilize third-party providers for payments, customer relationship management, and other services that could create vulnerabilities. Make sure retailers do their due diligence to ensure these vendors and partners are compliant with industry security standards, too.
Provide adaptive security tools designed to protect against current and future attacks. Make sure that retail clients are making use of the most up-to-date security strategies and technologies, including security-centric remote monitoring, multi-factor authentication, encryption, a zero-trust strategy, artificial intelligence, and network segmentation. MSPs also need to make sure their own house is in order to avoid a cascading series of attacks similar to those we have experienced recently.
As retailers open their doors again, they need to remain vigilant regarding the rapidly increasing number of cyberattacks they face. MSPs can provide critical services and assistance when it comes to protecting data and responding to breaches when they occur.