Thales Blog

The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity.

May 11, 2023

Sara Sokorelis | Product Marketing Manager, Thales

The retail landscape has changed significantly. Digital payments have increased at an unprecedented rate, the global pandemic changed our shopping habits, and the “work from everywhere” culture has quite frankly blossomed. Cybersecurity awareness, however, has not kept up. In fact, only 49% of organizations have a ransomware response plan, compared to 48% in 2022.

Yet point-of-sale (POS) devices, the heart of retail operations, are constantly on the radar of scammers, and when it comes to digital interactions, the retail sector is ranked as one of the industries most vulnerable to cyber-attacks.

Customers should be aware of the existing threats, while retailers must understand the risks associated with poor management of customer identities.

The need to increase retail cybersecurity awareness

The risk of cyber-related attacks expands along with customers’ demand for payment options and convenience. The added exposure spans everything from a wide range of users to the software, hardware, and cloud-based components required to meet modern demands.

Apart from its size and the millions of POS devices and transactions, retail is susceptible to human activities, perception, and a changing regulatory framework. In retail, everything changes fast: processes, procedures, and technology.

Securing web transactions and sensitive data against retail cybercrime in a rapidly evolving environment is imperative. This task includes effectively managing not only employee identities but also the external identities of gig workers and customers. Everyone needs to increase the level of retail cybersecurity.

  • Customers must be aware of retail cyber threats.
  • Retailers must protect access to their data and systems by accelerating the adoption of a Zero Trust approach to security.
  • Financial organizations must secure POS transactions and protect sensitive data.

Noteworthy patterns in retail cybersecurity

According to the Thales Data Threat Retail Report, the top retail cybersecurity threats are malware, ransomware, and phishing/whaling. Retailers are clearly experiencing more issues with malware, with 65% of the respondents putting it at the top of the list, while ransomware ranks second, named by 1 out of 2 retail participants. About 3 out of 4 respondents are concerned about security risks from employees working remotely, though this is lower than in other industries.

Almost 50% of retail respondents mentioned that retail cybercrime increased over the last year, and one-third of respondents experienced a retail data breach in the previous 12 months. The Verizon Data Breach Investigation Report showed that retailers encountered 629 incidents in 2021, 241 of which had confirmed data disclosure. Of those retailers who had a ransomware attack, about one out of three reported external impacts, such as reputation and affected customers.

Malware and ransomware seem to be linked, as practically all ransomware attacks begin with malware. The combination proves devastating for the retail industry: malware is used to exfiltrate customers' sensitive data, followed by a ransomware attack that disables vital corporate systems. The cybercriminals then use the exfiltrated data to extort ransoms, which 27% of respondents are willing to pay to save their businesses’ reputations.

Despite the above findings, retailers are pretty serious about the security of their businesses. For example, 29% of retailers reported adopting and actively embracing formal zero-trust strategies, just like any other industry. In addition, another 53% are either planning or considering adopting a zero-trust approach to securing on-premises, cloud, and remote access management.

Why Customer Identity & Access Management (CIAM) is crucial for Zero Trust security in the retail industry

Business success in today's digital-first landscape requires providing customers with trustworthy, hassle-free interactions. While traditional workforce IAM solutions are ideal for protecting the identities of internal employees, they cannot enable the frictionless onboarding of external customer identities. A business's long-term success depends on the rapport it can develop with customers over time.

Customers today are constantly evaluating their relationships with the brands in their lives, and a few blunders could result in your company being dropped. However, if you consistently impress your customers with caring, personalized service, you can significantly increase their lifetime value.

The hero in this narrative is a robust CIAM solution. CIAM is a critical capability in enabling and facilitating your online existence and in how organizations interact with customers and partners via online services. Analyst firm KuppingerCole says CIAM solutions “allow users to register, associate device and other digital identities, authenticate, authorize, collect, and store information about consumers from across many domains.”

Every stage of the customer's relationship with your organization is intertwined with CIAM, from initial contact to smooth registration and authentication to retention and protection of customer privacy. A CIAM solution is a crucial component of a Zero Trust strategy for a retail company because it allows the business to protect its customers from online fraud and cyber threats, establishing a sense of safety that customer data is always protected and secure.

Thales OneWelcome helps you to streamline and secure customer interactions and transactions. The platform ensures a frictionless user journey as well as a wide variety of multi-factor authentication methods, including phishing-resistant MFA like FIDO2 security keys, pattern-based authentication, and OTP push notifications – all of which can inject better cybersecurity within the retail sector. Learn more about how you can protect and connect your customers with one platform for every identity.

Want to dive deeper into the current state of the cybersecurity threat environment? Get the most recent Global Data Threat Report.