According to a recent study on cybersecurity in the retail industry, this sector is the most vulnerable to cyberattacks, especially social engineering attacks like phishing. IT security flaws in this industry can lead to high profile incidents, such as the cyberattack on Dixons Carphone Warehouse, in which payment details of 5.9 million customers were compromised; or the data of 20,000 clients of the British health and beauty chain, Superdrug, being held ransom.
The most common cybersecurity flaws in retail companies include:
- The human factor, such as employees with little experience or IT security awareness, which means a greater likelihood that they will open phishing emails, especially CEO fraud type emails.
- Technology problems. Hardware – such as point of sale (POS) terminals – used within shops can suffer from a series of vulnerabilities that allow attackers to steal credit card data from clients before it is encrypted.
- Antiquated, obsolete systems, due to the limited funds that are available to dedicate to updating them.
- Geographical dispersion is another obstacle when it comes to updating these systems, since companies have premises in many different locations. Here the challenge is to update systems in many different places without compromising the company’s efficiency.
The case of Asprey
This geographical dispersion was one of the challenges faced by Asprey, considered to be the finest British jeweller and luxury goods house, when it came to managing the company’s IT resources. The British company has offices across the globe and stores in the UK, Switzerland, Japan and the USA.
Before contracting Panda Security’s advanced cybersecurity solutions, Asprey had in place “a multilayered defense against threats – including cloud-based antivirus, email filtering and backup.” However, according to Steve Bays, Technical Services Manager at Asprey, “We needed more, with infections and hacks on the rise highlighting the weaknesses of traditional security solutions.”
The turning point: a Cryptolocker attack
The proof of this deficiency came in March 2017. A variant of the malware Cryptolocker slipped through the existing defenses on Asprey’s corporate network, and managed to infect six machines on the system before being detected and neutralized.
Although the network was disinfected and the files restored with backups within hours of the cyberattack, the company’s productivity was seriously affected: it was unable to process orders or carry out any IT tasks for half a day.
The advantages of advanced cybersecurity
This incident confirmed the need to increase the company’s IT security. For this reason, Bays decided to implement Panda Adaptive Defense, the endpoint detection and response solution developed by Panda Security, in order to protect against zero-day attacks and advanced persistent threats.
Whereas traditional solutions like those previously used by Asprey only block what they know to be bad, Panda Adaptive Defense applies a new cybersecurity model: it classifies 100% of processes executed on the network, and only allows elements classified as goodware to run. With this approach, the window of opportunity for zero-day malware is closed.
During the two week deployment period, Panda’s corporate cybersecurity solution gathered information about the retailer’s network operations. This was the preliminary step to implementing Lock mode, which only allows the running of elements classified as goodware. This mode is ideal for companies such as Asprey with a ‘zero-risk’ approach to security.
“Having complete visibility of all processes, and being able to see any unknown processes being automatically classified by Panda Security prior to running gave me confidence in the system”, Steve Bays praised the security intelligence capabilities, “without impacting users adversely.”
The deployment of the solution on Asprey’s system came just in time: in May of the same year the WannaCry ransomware attacks shook the world’s IT systems. Luckily, every Panda Adaptive Defense client in Lock mode, as was the case with Asprey, was protected against the WannaCry ransomware from the first minute.
Since it was installed across Asprey’s network, Panda Adaptive Defense 360 has actively classified dozens of malware samples not detected by the signatures or heuristics utilised by traditional security solutions.
“Asprey engage world-leading craftsmen to provide only the highest quality products to our customers, and we expect the same from our suppliers,” quotes Steve Bays. “The fact that Panda Security’s Adaptive Defense 360 receives numerous independent accolades gives us this reassurance.”
If you want to find out about more of our solutions’ corporate cybersecurity success stories, click here.
Discover in detail all the advantages that the advanced cybersecurity solution Panda Adaptive Defense can offer your business.