Cyberattacks often target the retail sector, although many of these threats are aimed at the e-commerce channel, businesses have also reported incidents where in-store Wi-Fi access points and even IoT devices are exploited as attack vectors. This is reflected in several studies, which reveal that, together with the education sector, the fashion industry was one of the hardest hit last year and 60% of retail companies are at risk of suffering an attack.
Akubra, a Tasmanian company that has been manufacturing traditional Australian hats since 1874, supplying the army and many other high-profile groups and customers in the country, is a prime example of these attacks. Some time ago, the company noticed that the volume of cybersecurity incidents was increasing. Emails were the main attack vector, but they were also concerned about the weakness of the Wi-Fi networks in their stores. That is why they opted for an advanced firewall appliance to protect their server, combined with secure Wi-Fi access points for physical stores. Thanks to these measures, Akubra has managed to significantly reduce the number of incidents and its IT team has been able to spend much more time on other technical tasks thereby improving efficiency.
The Akubra case indicates that fashion retailers need to address cybersecurity measures in the light of the increasingly omnichannel nature of the sector. According to PWC, the number of companies investing in providing a better experience across multiple sales channels grew from 20% in 2012 to 80% for 2020. Retail online channel face threats such as ransomware, phishing, and fraud suffered by their users while physical stores are hit via Wi-Fi networks by unwanted intrusions or malware that hackers execute by exploiting vulnerabilities or bad practices on employees' or customers' devices.
This means that fashion retailers need a cybersecurity partner that can provide protection, both in-store and for online channels, where business is growing due to the rise in e-commerce because of the pandemic. Therefore retailers, supported by MSPs, must take the following measures:
- Firewalls alone may not be enough, so they should be complemented by comprehensive network security that protects both servers and other devices, not only for internal employees but also for customers who access the store network. They need additional functionalities such as web and DNS filters to do this. This prevents users from using the store network to connect (either deliberately or inadvertently) to malicious websites and content that can be categorized by addresses or passwords.
Wi-Fi networks are an important attack vector that not only put the retailer at risk but also customers who connect in the store. Stores must have a secure Wi-Fi system that is easily managed from the Cloud with Wi-Fi 6 access points and WPA3 security.
All of this must be combined with an endpoint protection, detection and response (EPDR) solution that is zero-trust and capable of detecting the most advanced threats that can evade traditional antivirus solutions, such as fileless malware or malicious code attacks.