Privileged Access Management, Retail

Why Retailers need Privileged Access Management

PAM for Retail

Cybersecurity is a growing issue for businesses worldwide, as the data they handle becomes more and more significant and the threat of a breach more imminent. Nowhere is this challenge more evident than in the Retail sector, where systems are widespread and consumer data handling is constant.

Retail Security Challenges

Businesses big and small, from Austria to Australia, are facing increasing cyberthreats and struggling to keep up. Retail companies in particular are subject to cybersecurity obstacles and vulnerabilities due to the very nature of their businesses; retail IT resources are inherently spread out.

Unique Challenges of the Retail Sector

The very nature and structure of a retail organization makes cybersecurity of essential systems and resources particularly challenging. What makes large-scale retail so difficult?

Geographic diffusion: With many locations, often spread across multiple countries and continents, risk exposure is equally widespread
Privileged user turnover: Employee turnover is high in retail, a fact which results in a rotating door of privileged accounts being created and abandoned
Complex, mixed systems: With everything from DOS-based PoS systems to the latest in Cloud-hosted servers, to WAN routers in use, retailers have a wide array of very different systems to manage and protect

And, of course, the most critical challenge,

Valuable data: Retail businesses handle the person data – including names, addresses, credit card details, and maybe even social security numbers – of thousands of trusting customers.

Top Cybersecurity Threats to Retail

Cyberthreats are increasing year over year, with no end in sight. In 2017, more than half of all businesses worldwide were breached by hackers. With online retail sales expected to grow more than 57% (to $414 billion) in the U.S. in 2018, the pressure to secure and protect critical assets is on.

Ransomware is the fastest growing malware threat, meaning that Retailers need to lock down that assortment of technologies with the best possible access controls.
Point of Sale (PoS) breaches are predicted to be the top threat (and causing the greatest damage) to retail firms
Compromised Accounts are the leading entry point for cybercriminals. Whether stolen or lost, “remote access credentials remain the most popular means by which PoS malware is installed on payment systems”

For retailers, the future is full of cyberthreats. It is more important than ever to gain complete control and vision over who has access to what systems, when, and what actions they are taking to protect critical resources from being exploited – and incurring the staggering costs of a data breach.

Cybersecurity Lessons of the Saks Breach

The credit card data of 5 million Saks and Lord & Taylor customers was stolen. As announced on April 1^st, this breach is no joke for the luxury retailer, which was hacked by a group of well-known cybercriminals by way of malware installed in the chains’ cash register systems to funnel millions of credit and debit card details into dangerous hands.

The latest in what is becoming more and more frequent news, this is the one of the largest known data breaches of a retailer. But could it have been prevented?

Stop Retail Data Breaches with Privileged Access Management

In a trust-based business where consumers entrust their payment information to retailers, expecting it to be safely guarded, businesses can’t afford to have their data hacked. Like Target’s 2013 breach of 40 million credit card numbers, and Home Depot’s 2014 hack of 56 million card numbers, consumers’ most sensitive financial information is being exposed left and right, without adequate protection on servers and other IT resources.

This latest breach of Saks and Lord & Taylor confirms just how critical it is for retailers to implement stronger cybersecurity measures.

PAM for RETAIL

Privileged Access Management is a critical component of robust cybersecurity for any business, and it’s especially true for the Retail sector (as so clearly illustrated by the ease with which Saks had their cash register systems breached.) PAM protects all sensitive IT resources from PoS systems to servers hosting customer financial data to ensure you know precisely who has access credentials to which systems.

PAM consists of three main components, which each contribute vital security measures for retailers.

The Access Manager streamlines the granting and revoking of accounts and permissions to any and all relevant systems. Administrators can be given “Least Privilege” access to only the target servers they require, and rights can be revoked when the need expires
The Password Manager, quite simply, means that no user ever needs the actual password to a target system, whether an external, 3^rd-party provider or an internal employee. Passwords can be stored in a password vault and rotated to provide the utmost in password management
The Session Manager provides an un-alterable audit log of every action taken on a target resource. With OCR recording, every privileged user’s activity can be tracked, recorded, and automatically terminated if actions seem suspicious.

In addition to the integral cybersecurity measures Privileged Access Management facilitates, PAM also contributes to many stringent regulatory controls. With GDPR and the NIS Directive both looming, plus industry and government standards like the ISO 27001, PCI-DSS, and many others, the components of PAM help all Retailers comply and meet regulations.

Avoid a Retail Data Breach with PAM

Expect to get breached. That’s the name of the game in an increasingly digital world with growing cyber threats. Step up your prevention and facilitate easier recovery with PAM. Privileged Access Management enables retailers to secure their wide array of technologies and systems, handle constant staff and 3^rd-party provider turnover, and oversee safer cloud hosting. PAM offers comprehensive audit and tracing, while minimizing your attack surface in a global industry.

Learn more about Privileged Access Management for Retail! Download the whitepaper.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
trackalyzer	1 year	This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
messagesUtk	1 year 24 days	This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-12183334-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 23 days 12 hours 13 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wp-wpml_current_language	1 day	No description

Why Retailers need Privileged Access Management

Retail Security Challenges

Unique Challenges of the Retail Sector

Top Cybersecurity Threats to Retail

Cybersecurity Lessons of the Saks Breach

Stop Retail Data Breaches with Privileged Access Management

PAM for RETAIL

Avoid a Retail Data Breach with PAM

Cloud Password Management with PAM

Test your Cybersecurity Skills: Take the Quiz!

Related

Related Resource

Products

Solutions

Resources

About