UK Retail seems to be under threat. Recent cyber attacks by Scattered Spider have cost Marks and Spencer, The Co-op, and Harrods many millions in lost sales. At idax, we work with a number of prominent retailers to reduce access risk and this blog starts to share our insights into what makes them especially vulnerable and the steps they can take to reduce risk.
But what is it that makes the retail sector especially vulnerable to attacks? Firstly, the access controls we think of when we think about IAM – least privilege, periodic access reviews, role-based access – were designed with highly regulated industries like finance and utilities in mind. The truth is that Retail is just shaped different. Retailers have a large number of staff on the shop floor, with a lot of seasonal turnover; which adds up to many people with a significant, but small amount of access changing all the time.
This makes the old-fashioned manager access review difficult to carry out and almost impossible to get right. Which is why new AI type analysis, like idax’s, is so important and powerful in making sure the right people have the right access.
More importantly, artificial intelligence can help retailers to define and, significantly, maintain attribute based access rather than traditional Role Based Access Control.
But remember, attacks seem to come in waves. Two years ago, more than half of the UK’s top car dealer groups were attacked with Ransomware. This month it’s UK retail. Whilst ransomware groups are highly organised, they are also hugely opportunistic. Is it now just Retail’s “turn”.
Which means there’s more to come, and possibly the bad guys are already in the building. Talk to us about how idax’s analytical AI is reducing access risk for Retailers.
