During the National Retail Federation’s Big Show 2022, we caught up with Courtney Radke, Field CISO, Retail & Hospitality at Fortinet, to learn more about the cybersecurity trends retailers should be looking out for in 2022.
I think some of the newer threats that retailers need to be watching out for are in the web applications, in the e-commerce applications and mobile and loyalty apps. Because in retail, 99-plus percent of attacks are financially driven, and where is the money? It’s where the data is. And so the data now resides in the cloud. It resides in the customer applications, in e-commerce. It’s not that the POS isn’t an attack vector, it absolutely is. It’s a good stepping-off point. They gain a foothold, they have lateral movement, but they’re really trying to get to where the money is. And that’s in e-commerce applications. We’ve seen that go to the number one attack vector. POS used to be that, payment cards used to be that, but hopefully, we’re not storing anything on the POS from a payment standpoint. The end-to-end encryption has kind of lessened that risk; it’s still there, but web applications are definitely that number one risk.
And as we look at it, ransomware is not new, but it’s becoming more pervasive. We’ve seen an exponential increase in ransomware and it just continues year over year, month after month. So that’s something that has to be looked for. And then specifically, as we talk to e-commerce, mobile and loyalty platforms, botnets. Botnets are a huge attack vector. And the thing about ransomware and botnets is they’re all right of the attack, meaning they’ve already been on your network for quite some time. They’ve already set up shop, have all their information, and now they’re just trying to make some money. They’re making some quick wins. So if it’s a ransomware attack or a botnet attack, they’ve probably been on your network for quite some time and you didn’t have visibility to it. So I think those are some of the biggest ones that we see: protecting your digital, your e-commerce platforms, your e-mobile loyalty apps and protecting them from ransomware and botnets.
So there are actually some attacks that are still financially motivated, because you’re going to pay at some point to remove these bad actors from the network. But it’s not about just trying to get to the money, right? Eventually they will, but it’s about ruining the customer experience, and the customer experience is everything. Again, you want to create that loyalty, you want to have that consistency.
So I think something that retailers should stop doing as we go into 2022 is stop treating technology as a cost center, treat technology as a revenue generator. Because all of your customer experience, all of the digital transformation, everything rides on your technology. And it’s often been seen as that line item. So I think give your CISOs a seat at the table, make sure that your technology is seen as that revenue generator, because it really is. It drives digital transformation. And as we continue to rely so much on technology for that, I think it’s important. I think it’s important that technology is seen as that enabler for it and not the cost center.