On July 1, a man stabbed a police officer in a Hong Kong shopping district before taking his own life – Copyright AFP/File Robyn Beck
The risks for Black Friday shopping are evident and many warnings have been issued. Yet it is expected that the attack rate will continue to soar. To avoid things getting even worse in 2022, the time to plan and to implement change is now.
This is the message from JG Heithcock, General Manager (GM), Retrospect, a StorCentric Company. Heithcock considers why many IT systems, both in general and for the retail sector specifically, are vulnerable to cyberattack, as he explains to Digital Journal.
For this analysis Heithcock dissects the set-up of many back-office functions, noting: “Today’s mid-to-enterprise class retail organizations manage complex IT operations that depend upon numerous technologies, distributed across the HQ datacenter and each remote location, to provide customer-facing and back-office functionalities.”
The consequence of this, Heithcock explains, is that it: “Creates a vast attack surface for the would-be cybercriminal that only needs to be right one time to get in, versus the datacenter management team that must be right every time, every day, in every way. Today, it is not a matter of ‘if’ ransomware will get in, rather a question of ‘when?’”
This means the approach by IT professionals to cyber-threats must be more holistic. Heithcock analyses: “Consequently, while prevention and detection are critical, today’s top priority must be the recovery piece. Retail IT executives should choose a data backup solution that provides broad heterogeneous platform and app support.”
In terms of further details as to what this entails, Heithcock explains: “It should ensure automated backup protection across the entire IT environment from the central datacenter to remote offices to the edge and into the cloud. This feature is particularly important to retail organizations with numerous remote stores, which oftentimes do not have onsite IT expertise to ensure data and operations security and protection.”
Once this is established, Heithcock says: “The backup solution must auto-verify the backup process. It should check each file in its entirety to make sure files match across all environments, which consequently ensures the ability to recover in the event of an outage, disaster or cyber-attack. And this one’s a deal-breaker — at least one backup must be immutable, unable to be deleted, corrupted or changed in any way, even if the ransomware has already infiltrated your organization, and integrated itself into the backup process.”
Such advice may come a little late for Black Friday and Cyber Monday, but it allows retailers to prepare for the future and to develop the necessary skills and structures to meet the continued cyber-menace.