Cyberthreats are becoming increasingly pervasive in the Australian retail sector. With a reported 67,500 cybercrime incidents, 13 per cent more than the previous financial y1 , Australian businesses continue to be targeted by ransomware, and the retail industry is one of the top five sectors affected2. However, cyberthreats aren’t the only challenges facing retailers. Since retailers may now be considered critical infrastructure (CI) operators, they face new requirements when it comes to protecting their systems and data.

The amended Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) ushered in new regulations for CI operators, including retailers. The new legislation introduced mandatory reporting for serious cybersecurity incidents, putting the onus on businesses and operators to raise the alarm if they fall victim to an attack. The amendment also proposes that businesses have in place cyber management and resilience programs to mitigate and minimise risk.3

Cyberthreats aren’t just increasing in frequency, they’re now more sophisticated and advanced than ever before. To combat this growing threat and better protect business, organisations are turning to managed detection and response (MDR) to strengthen their cybersecurity posture. For the retail industry, this type of protection has become an essential tool to help safeguard CI. E-commerce and online shopping continue to grow, and businesses must take their data security seriously. Sensitive customer information, such as credit card details or rewards profiles, is a popular target for malicious actors, and it would be detrimental to a retailer’s reputation, profit, and customer trust if this data were to fall into the wrong hands.

It’s no longer good enough for retailers to take a reactive approach to cybersecurity; businesses must be constantly vigilant and ready for immediate response, which is why MDR is becoming so important. Accelerating the need for ongoing threat monitoring, the Australian government is now considering further increasing fines for serious breaches4.   However, establishing a 24/7 threat detection capability in-house is close to impossible for most retailers given the ongoing skills and labour shortages. The cost, effort, and expertise required is tremendous and time consuming. The complexities of deploying and properly configuring specialist technologies such as extended detection and response (XDR), and security information and event management (SIEM) platforms across multiple endpoints, servers, clouds, and networks often can take months to implement.  

Partnering with an experienced MDR provider can significantly reduce the time-to-value for under-resourced retailers. Many are looking to enhance their cybersecurity protection strategies with more comprehensive solutions that leverage endpoint detection and response (EDR) agents that can be deployed rapidly. The right MDR provider brings a plethora of experience, around-the-clock monitoring, and access to global threat intelligence, providing additional expertise and support for retailers.

Ultimately, this means that retailers can have sensitive data protected within hours, instead of months, delivering rapid protection from emerging threats.

However, before partnering with an MDR provider, it’s important for retailers to understand the true value that MDR services can deliver and ensure that they will align with the business to offer the protection that best meets their needs. Retailers should consider:

  1. Technology: as retailers continue to migrate to the cloud, the number of potential risks, vulnerabilities, and entry points increases. Retailers should look for an MDR provider that is experienced with XDR and SIEM technologies to bring together threat telemetry and forensic data from broader IT infrastructure, including networks, email, and cloud infrastructure.  
  2. Detection: it’s important to look at how an MDR provider detects threats. Is it human-led, hypothesis-driven, or is it merely automated searching? Threat hunting must involve proactively exploring and interrogating systems for their current state as well as historical data. A quality MDR partner should combine human-led threat hunting with 24/7 monitoring and real-time analysis and investigations.
  3. Response: to get more value from MDR services, look for a provider that responds to threats by containing them and keeping them from spreading further. The MDR services should be able to act remotely on endpoints, within the network or other applications, to isolate systems and stop threats in their tracks.
  4. Research capabilities and field testing: threat intelligence is often the foundation for effective detection and threat hunting. Look for an MDR provider with an active research arm that can incorporate other cyberthreat intelligence to benefit from the latest information on emerging threats around the globe. It’s crucial to ensure an MDR partner has adequate field-testing experience. Hasty responses can result in negative consequences like shutting down systems and business processes unnecessarily.
  5. Culture: while it’s often overlooked, it’s important to determine if a provider will deliver a long-term, trusted partnership. Consider the operating model, industry reputation, and how a chosen provider will integrate with the team to determine if this is the right fit for the business.  
  6. With increasing targeted attacks, it’s vital for retail businesses to use MDR to protect their critical infrastructure. Failing to do so leaves retailers exposed to a growing number of threats and malicious cyber actors that are more than willing to exploit vulnerabilities. Working with a trusted and experienced MDR provider can help retailers establish a more robust cybersecurity posture and better protect their systems and data from threats.

Jason Whyte is general manager (Pacific) at Trustwave.