Strengthen Your Retail Business’ Cybersecurity with Zero Trust

“Critically, retailers need to implement a Zero Trust approach to security to remain competitive, and keep their staff and customers safe from cyber crime. A strong cyber security posture is critical for business enablement. Without it, retailers risk losing customers, damaging brand reputation, costly litigation and a halting of trading.”

In an article published for RetailBiz, Sekuro’s Customer CISO Lee Roebig expounded on the importance of aligning with Zero Trust for strong business cybersecurity, in a time where businesses are placed at high risk of cyber attacks.

The Current Situation

In today’s highly digitalised world, shopping for goods and services has never been easier. With the rise of online shopping, many retail businesses have shifted online to expand their customer base. However, this entails increased exposure to cyber risks, where cyber security management is critical to defending against the multitude of online scams that threaten to steal customer information.

This is especially so with consumers providing a significant amount of their personal and financial information to online retailers for transactions, which makes the industry highly attractive for cybercriminals. According to an article by Insurance Business Australia, “Australians have already lost over $1.8 million to online shopping scams by the first quarter of the year alone.”

The importance of Cybersecurity

“While we cannot stop the retail industry from being a lucrative target for cyber criminals, retail businesses do have the power to adopt strong preventative measures and conduct regular assessments of online platforms to protect customers.”

How Zero Trust Can Strengthen Cybersecurity?

Businesses can ensure both business agility and the enhancement of defenses by aligning with Zero Trust. In a simple definition, Lee referred to Zero Trust as “taking the stance that nothing should be trusted until proven otherwise.” 

This approach to security requires companies to constantly re-assess users, applications and systems and decide whether they should be given permission to carry out an action. With that, businesses can proactively mitigate the risks of a data breach or cyber attack, where security controls are built on the assumption that an attacker is within the system at any time. 

How Businesses Can Adopt the Zero Trust Approach

To help companies apply the concept of Zero Trust to their existing business operations, Lee introduced eight key pillars to consider: People, Identities, Endpoints, Networks, Infrastructure, Applications, Data, and Analytics.

The 8 Pillars of Zero Trust

Even though building a Zero Trust model from scratch may sound daunting, Lee provided six key strategies to help businesses get started:

  1. Enrol all staff in strong security training. This will provide them with the right knowledge and tools to defend against cyber attacks. Re-assess the effectiveness of the training regularly by conducting continuous social engineering and phishing tests.
  2. Protect email services with configurations: This will block links that trick staff into entering malicious websites or opening unsafe attachments. These configurations could include making sure staff is aware if the email is External, or quarantining emails with names that are suspiciously similar to internal staff.
  3. Use tools like web application firewalls that have secure software development practices and continuous security scanning services. This will help protect your external attack surface. Strengthen the security of your business web applications by using multi-factor authentication and strong password policies. 
  4. Incorporate strong segmentation practices that prevent communication between users, servers and applications that do not need to communicate with each other. This prevents the likelihood of a single compromised device leading to a company-wide breach.
  5. Utilising tools like application control, endpoint detect and response (EDR) and real-time cloud aware web filtering could protect your company against ransomware and malware attacks.
  6. Place an email address that discloses vulnerabilities on your websites, and offer multi-factor authentication to protect your customers’ online accounts. This shows your customers how much you value security, and how you will use it to protect their data.

Conclusion

Retail businesses need to protect their staff and customers from the many threats they are exposed to online. By first recognising the importance of Zero Trust in cybersecurity, they will be one step closer to building a strong security system that benefits everyone.

Scroll to Top