We are seeing more and more organisations fall victim to cyberattacks and immediately pointing the finger at third-party software or suppliers. It was only a few weeks ago that the Australian Privacy Commissioner warned that third-party suppliers are “a real weak spot” for protecting customer privacy, following a data breach of a supplier to NSW and ACT clubs that exposed names, addresses, and driver’s licence information.
Despite the rising risks, according to a report by BlueVoyant less than half of Australian respondents to a recent survey are monitoring their third parties regularly for cyber risks, lagging behind global behaviour (44% vs 47%).
The current method of scanning and remediating vulnerabilities, especially when it comes to third-party suppliers, is leaving the windows of an organisation open to attackers. However, AI-driven methods of Autonomous Endpoint Management are drastically changing the risk landscape.
Retailers can’t defend against what they can’t see
According to the Australian Cyber Security Centre (ACSC), the retail industry is the second most targeted professional industry for ransomware-related cyber security incidents, accounting for 16.3% of all reported incidents.
There are several theories as to why this might be the case. The first is, retail businesses must deal with a high volume of everyday consumer interactions, and these consumers would inevitably have various degrees of cyber security knowledge and differing risk appetites. Consumers also must hand over vital financial information, such as credit card details, when dealing with retailers both in store and online. Complex supply chains, particularly for retailers with a global footprint, further complicate matters as the network perimeter continues to expand.
Much of the retail industry workforce is young (for many, it would be their first job). They are also geographically fragmented, and often work on a part-time or casual basis. As a result, cyber security training becomes difficult to roll out, and there is little that can be done to enforce cyber security compliance.
Add to that, an enormous uptick in digital retail that occurred during the COVID-19 pandemic meant retailers’ online presences and infrastructures were potentially built in haste. Current, common methods of scanning and remediating vulnerabilities, especially when it comes to third-party suppliers, are leaving the windows of an organisation open to attackers, and, the longer a window is open, the easier it is for someone to exploit it.
Many retailers would therefore be in a situation where they do not have a clear view of all the assets and devices in their networks, and even fewer have this information available in real-time. If you can’t see it, you can’t secure it.
The first key and crucial step to greater protection against ransomware and third-party vulnerabilities in the retail sector is to have real-time visibility over every endpoint in your organisation — from POS systems, to laptops, and servers.
IT teams in retail businesses need to identify every device and machine for full visibility, to understand their organisation’s current circumstances accurately. Once this complete asset coverage is achieved, it paves the way for comprehensive, continuous monitoring against threats. Retailers can begin identifying and remediating vulnerabilities on endpoints that would have otherwise been missed or ignored by outdated scanning methods. Problem endpoints can then be patched in a timely manner to protect the organisation.
Taking these steps to address vulnerability management in a proactive manner dramatically reduces a retailer’s risk of cyber attacks.
How a Software Bill of Materials (SBOM) can help retailers protect against third-party risks
The concept of a SBOM is crucial in safeguarding against supply chain software attacks. By uncovering concealed components within third-party software, it acts as a vital line of defence against third-party vulnerabilities. Comparable to a complex recipe, this concept significantly aids in understanding the intricacies of software elements and their interrelations, fostering a safer and more transparent digital ecosystem for an organisation.
The objective is to document each software component and device used in the organisation. Such meticulousness proves invaluable in mitigating software supply chain risks and bolstering cyber security.
SBOMs are required in the Australian public sector, but the private sector is lagging behind. I believe SBOMs should be adopted as a minimum standard for all organisations. Retailers in particular would be wise to consider implementing them, giving the high incidence of ransomware-related cyber attacks in this industry.
But how to transform this concept into reality? Autonomous Endpoint Management is the mechanism through which an organisation can see inside their software at any time, in real-time, be alerted to and remediate potential vulnerabilities before they even become a problem.
Having real-time visibility over software allows teams to perform software package identification at the click of a button. It’s like having x-ray vision, seeing through the complex layers of software to identify every component, whether that be a runtime library or an open-source package.
For retailers, taking action now is the best means of fending off large-scale third-party cyberattacks that can irreparably damage finances, reputation, and customer trust. The cost and difficulty of retroactively managing a cyber breach is often far worse than the steps needed to prevent it in the first place.
James Greenwood is regional vice president of technical account management at Tanium.