Bringing Cybersecurity Back into Vogue this Fashion Season

David Higgins, EMEA technical director, CyberArk, explains why cybersecurity is no catwalk.

Fashion Week’s return across the four major cities – New York, London, Milan, and Paris – for the first time since the pandemic presents a beacon of hope to the entire fashion industry, given the difficulties many brands have faced over the last 18 months.

The return is a hybrid one, with all events set to be equally split between live catwalks online and in person. Although some of the aspects we have missed will make a welcome return, including brand events, parties and installations, others will continue to be absent: London Fashion Week, for example, will not include contributions from renowned designers such as Victoria Beckham and Burberry.

Just as fashion week season itself has had to adapt to new circumstances, the reality for retailers has also shifted. Even before the pandemic, sales were slowly trending towards online channels, peaking around November events such as Black Friday and Cyber Monday. After March 2020 the percentage of sales being made online in the UK almost doubled, and we still make roughly 26% more purchases online than we did last February. Many retailers have revamped their online offerings in response to this sudden shift, with shoppers now offered virtual try-on, personalised in-app recommendations, augmented reality (AR) based virtual experiences, and high-quality customer service. The rise of payment splitting services like Klarna has also helped their cause, with some retailers even offering their own interest-free affordability tools.

Making Security Central to Your IT Collection

These technologies rely on increased personalisation, which brings increased personal data collection and, with it, increased security compliance requirements. Previously, the priority was securing in-house ‘endpoints’ such as tills, tablets, and interactive screens, alongside the back-end infrastructure supporting stores’ retail operations. Retailers now have to cope with corporate staff newly operating their devices from home, and the greater proliferation of devices and data used and generated per store has created a whole new threat landscape within the shopping experience, affording more ‘ways in’ for savvy hackers to infiltrate the network. The prize is higher, too, with exponentially more payment details and customer data up for grabs.

This challenge is familiar to online retailers, who have always been a target as a payment centre, and for some years have needed to stay one step ahead. But with new technologies being introduced and their security perimeters constantly expanding, retailers must invest in protecting what attackers seek most: privileged credentials that let them traverse the network. Research by Verizon indicated that privilege abuse featured in at least 60% of breaches across all industries in 2020, demonstrating that poorly secured identities are being abused regularly to progress attacks.

Securing retail networks needn’t be a daunting task and can be broken down into manageable steps. Focus should be placed on implementing least privilege as a discipline, meaning users and machines can access only what they need, so that if a hacker is able to compromise a single user account, their ability to move laterally is restricted. This protects mission-critical workloads while buying valuable time to detect and respond to an attack.

Once that important first step is taken, regular auditing should be implemented to shrink the attack surface. A thorough audit process can identify orphaned and excessive permissions and limit them to the least privilege required for a service to work properly.

Finally, take a leaf from other sectors. Many businesses across a range of industries, from banking to manufacturing, are hiring a team of ethical hackers to test critical systems continuously. To protect against hackers, you have to think like one, continuously.

These tactics have to be added to the top of the shopping list if retailers want to stay one step ahead and keep critical customer data safe.

Why Cybersecurity is No Catwalk

Before new identity security measures are implemented, however, education has to take place. The Verizon 2020 Data Breach Investigations Report showed that in retail, system intrusion and social engineering were the first and second most prevalent forms of attack, meaning that not only does retailers’ identity security need to be on point, but their staff need to be well trained to identify when they are being targeted. The report also argues that the current model of cybersecurity training offered to employees is ineffective, and mimics neither real-life situations nor the behaviours that lead to breaches. Basic training in ‘cyber hygiene’ is crucial to ensure that all employees are equipped to deal with cyber-attacks before they happen and do not let malicious hackers into the network. That is why empowering employees to understand the new threat landscape has to be front and centre.

This fashion week season, along with the excitement over the latest designer lines, at least some of the retail clamour should be focused on cyber hygiene. Delivering an innovative, digitally engaging customer experience is essential to restoring the retail sector post-pandemic, but ensuring robust security is a fundamental pillar of building a trustworthy experience. The retailers that manage to thrive after the challenges of the pandemic will be those that see technology as an enabler for ‘good business’, placing robust cybersecurity at the heart of the shopping experience.

By David Higgins, EMEA technical director, CyberArk.
