A few years ago, the director of cyber incident response at a major global retail conglomerate was on the lookout for phishing attacks targeting senior executives, or “whales.”
He wasn’t disappointed.
A company executive soon flagged a well-composed but fishy email from a trusted supplier asking that a planned $2 million payment for raw goods be sent to a new bank account. It turned out a criminal hacker had breached the supplier's email account and had been reading the ongoing correspondence about the deal. When the time seemed right, the hacker joined the thread and asked for the change. Because the request came from the supplier's genuine mailbox, nothing about the sender's address or domain looked wrong; what caught it was an executive who treated a change of bank details as something to verify out of band rather than act on.
The email breach made the cyber chief pause. Though his team could not have prevented a compromise at a partner, the incident gave him and the CIO the in-house mandate to conduct a business-wide security review.
What he found was thousands of devices and endpoints (worker laptops, PCs, tablets, printers) that had never been inventoried, configured, updated, or patched. And that was before a large-scale merger: like many retailers in 2020, the company was about to absorb thousands of additional endpoints from a recent $1 billion acquisition. Such acquisitions only add to the sprawl of security tools and legacy systems that enterprises operate these days.
As e-commerce has boomed over the past year, driven by the pandemic and the shift to online shopping, retailers are doubling down on their digital efforts, from consumer apps to global supply chain management, and improving their in-house employee experience.
In fact, 61% of retailers surveyed by BDO for its 2021 Retail Digital Transformation Survey said they plan to increase spending on digital investments in the next 12 months. Their cybersecurity challenges are expected to grow as well. Surveyed retailers said cyberattacks and privacy breaches are their top digital threat (33%) and their top challenge related to IT resilience (46%). Yet only 29% are focusing their technology investments on data privacy and security.
Many of the respondents said that a patchwork of legacy technology—often misconfigured and unable to integrate with newer tools and platforms—can lead to cybersecurity vulnerabilities. There are also external challenges, including supply chains and third-party software vendors.
These were among the critical issues facing the retail cybersecurity chief after the failed email phishing scam. As he surveyed his entire technology ecosystem, he saw that he needed a unified approach to securing all existing endpoints, along with the newly acquired company’s tools, servers, and virtual machines in the cloud, which would need the same level of scrutiny and protection.
Every IT and security leader knows that growth begets complexity, which begets risk. Taming complexity, and mitigating risk, requires gaining visibility and control over your assets. Preparation must start with good cyber hygiene practices. That includes the essentials of endpoint management and security: real-time asset discovery and inventory, software management, patch management, configuration management, and rapid incident response.
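The hygiene essentials listed above are easier to talk about than to measure. The script below is an added example, not code from the article or from any vendor's product; it cross-checks three data sources most enterprises already hold (an inventory export, recent network observations such as DHCP leases or ARP tables, and per-host agent and patch state) to surface exactly the gaps the retailer's review turned up: devices on the network that nobody inventoried, inventoried devices that are live but no longer report to management, and devices whose patch level is stale. All records, field names, thresholds and MAC addresses are constructed for illustration.

```python
"""Endpoint hygiene reconciliation (added example; sample data is constructed)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Asset:
    mac: str                      # join key between sources; format varies per source
    hostname: str
    owner: str
    last_checkin: Optional[date]  # last report from the management agent, None = never
    last_patch: Optional[date]    # last successful patch cycle, None = never


@dataclass(frozen=True)
class NetObservation:
    mac: str
    ip: str
    seen: date


def norm_mac(mac: str) -> str:
    """Collapse 'AA-BB-..', 'aa:bb:..' and 'aabb.cc..' to one form so joins work."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


def unmanaged_devices(observed: Iterable[NetObservation], inventory: Iterable[Asset]) -> List[str]:
    """MACs seen on the network that are not in the inventory at all."""
    known = {norm_mac(a.mac) for a in inventory}
    return sorted({norm_mac(o.mac) for o in observed} - known)


def stale_patch(inventory: Iterable[Asset], today: date, max_age_days: int = 30) -> List[str]:
    """Inventoried hosts never patched or not patched within max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(a.hostname for a in inventory
                  if a.last_patch is None or a.last_patch < cutoff)


def live_but_silent(inventory: Iterable[Asset], observed: Iterable[NetObservation],
                    today: date, max_silence_days: int = 7) -> List[str]:
    """Hosts seen on the network recently whose agent has not reported in the same window.

    These outrank plain stale hosts: the device is active but invisible to
    management, which usually means a broken, removed or never-installed agent.
    """
    cutoff = today - timedelta(days=max_silence_days)
    recently_seen = {norm_mac(o.mac) for o in observed if o.seen >= cutoff}
    return sorted(a.hostname for a in inventory
                  if norm_mac(a.mac) in recently_seen
                  and (a.last_checkin is None or a.last_checkin < cutoff))


def hygiene_report(inventory: List[Asset], observed: List[NetObservation], today: date) -> Dict[str, List[str]]:
    return {
        "unmanaged": unmanaged_devices(observed, inventory),
        "live_but_silent": live_but_silent(inventory, observed, today),
        "stale_patch": stale_patch(inventory, today),
    }


# Constructed sample data. Note the deliberately mixed MAC formats across sources.
TODAY = date(2021, 9, 1)
INVENTORY = [
    Asset("aa:bb:cc:00:00:01", "lt-alice", "alice", TODAY - timedelta(days=1), TODAY - timedelta(days=10)),
    Asset("AA-BB-CC-00-00-02", "lt-bob", "bob", TODAY - timedelta(days=30), TODAY - timedelta(days=90)),
    Asset("aabb.cc00.0003", "prn-lobby", "facilities", None, None),      # printer, never managed
    Asset("aa:bb:cc:00:00:05", "lt-carol", "carol", TODAY - timedelta(days=60), TODAY - timedelta(days=60)),
]
OBSERVED = [
    NetObservation("aa:bb:cc:00:00:01", "10.0.0.11", TODAY),
    NetObservation("aa:bb:cc:00:00:02", "10.0.0.12", TODAY - timedelta(days=2)),
    NetObservation("aa:bb:cc:00:00:03", "10.0.0.30", TODAY - timedelta(days=1)),
    NetObservation("DE:AD:BE:EF:00:04", "10.0.0.40", TODAY),           # nobody inventoried this
]

if __name__ == "__main__":
    for bucket, hosts in hygiene_report(INVENTORY, OBSERVED, TODAY).items():
        print(f"{bucket}: {hosts}")
```

On the sample data the unknown device `deadbeef0004` lands in `unmanaged`, the laptop `lt-bob` and the lobby printer are both `live_but_silent` (on the wire in the last week, no agent report), and `lt-carol` appears only under `stale_patch` because it has not been seen on the network at all, which usually means it should be retired from the inventory rather than patched. Joining on a normalised MAC is the practical fix for the mismatched export formats that make these reconciliations fail in real estates; in a wireless-heavy fleet with MAC randomisation you would join on agent or certificate identity instead.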
Cybercriminals and nation-state hackers are looking for lapses in these areas to breach your network. Just consider the current onslaught of successful ransomware attacks. According to IDC's 2021 Ransomware Study, released in July, companies are paying an average of $250,000 to satisfy hacker demands. More than a third said the disruption from a breach lasted at least one week, and 11% of those who paid a ransom found that decryption of their files was incomplete.
Thanks to this year’s massive ransomware attacks on businesses and infrastructure, many enterprises are now stress-testing cyber-response procedures and assuring suppliers and partners that they have plans in place to combat the disruptive impact of attacks.
Fortunately for the cybersecurity chief at the retail conglomerate, his company had already begun adopting a platform solution for managing and protecting its network and endpoints.
An effective central platform
Previously, the ecommerce company had handled security the old-fashioned way: If one of its 30,000 employees' laptops or PCs became compromised, opening a pathway to a potential network breach, IT shut the machine down, wiped its data, and replaced it weeks or even months later. The IT teams tracked and stored all such incidents in office productivity software that wasn't designed for that purpose.
The process was costly and chewed up work hours. Anytime IT shut down a PC, laptop, tablet, or other endpoint device, the device needed to be shipped, often across borders, to the company’s American headquarters. There, a security team would perform a forensic analysis. The IT team would then ship a replacement device in the opposite direction. Both transits had to clear customs, which could be slow, costing weeks of delay. As the company grew, this multistep workflow cost time, staff, and money.
To manage its global sprawl of endpoints, many of which are used for remote work over home Wi-Fi networks the company does not control, the enterprise took steps to gain real-time visibility and real-time access, including adopting Tanium's endpoint management and security platform.
Now, instead of being forced to wipe machines and lose valuable data because of a threat, the security team can quickly identify the source of the problem and remotely apply measures to address it.
Having an effective central platform also saves the company's IT security staffers considerable time since they don't have to use multiple tools to accomplish the same tasks. Many tools are installed ad hoc across an enterprise without the knowledge of IT leaders and stay that way: forgotten, unpatched, and vulnerable.
Remote working has exacerbated the problem, with employees often using tools and endpoints outside of company policy. And an irony is that security tools—the very software designed to keep hackers out—can hinder visibility and defense posture if too many are added and they become difficult to track and manage.
A centralized platform enables security teams to focus on more strategic matters, like responding to high-priority cybersecurity issues quickly and effectively.
The results have been huge. Before using the platform's solutions, it took the cyber chief's team several days and even weeks to respond to a cyber incident. Now, the team is able to respond in hours and sometimes even minutes. For a workforce of 30,000, that is close to an instant response.