From the kirana shop to the entry of big retail giants, the retail sector of India has been alive and kicking. Moreover, technology adoption in this sector has largely helped it cater to its growing customer base and evaluate new and efficient business models. 'Disruption' is perhaps the term that best sums up the Indian retail sector today. To understand the potential of this titanic industry: the retail industry in India constitutes over 10 per cent of the country’s GDP and around 8 per cent of employment, and is valued at USD 672 billion at present.
The retail sector in India has visibly built up new job opportunities, changed lifestyles and contributed a handsome share of the country’s GDP. By 2018, the Indian retail sector is likely to grow at a CAGR of 13 per cent to reach US$ 950 billion.
But that is only the pleasant side of the Indian retail sector. The sector is stumbling over multiple challenges today, and the most acute is ‘Security’. E-commerce has changed the face of the Indian retail sector in the past few years. As acceptance of technology increases, more and more consumers are willing to explore web-based shopping alternatives. The growing trend of online shopping has introduced new forms of shopping experience to customers. Moreover, the recent demonetization decision has been the cherry on top, spurring the proliferation of online and digital forms of business and accelerating the online retail sector in India.
How Prone is Indian Retail Sector to Massive ‘Cyberattack’?
The recent number of cyberattacks in the retail sector is mind-boggling. Spanning from content to transactions, when it comes to malware, everything old is new again.
Extending concerns over cyberattacks in the retail sector, Zeina Zakhour, Global CTO – Cyber Security, Atos, said that for the past couple of years the retail sector has experienced large-scale cyberattacks and breaches, with a rise in the frequency and scale of such attacks and a rise in the financial losses. The retail sector will need to adopt a data-centric security strategy built on a prevent/protect/detect/response approach, concerned with the premises of identifying where the sensitive data is, who is using it and for what purpose, in order to define the necessary security controls.
Expressing in detail, Rana Gupta, VP – APAC Sales, Identity and Data Protection, Gemalto, said that, as per recent industry reports, India’s retail market is expected to be at US $1 trillion by 2020 following urbanization, attitudinal shifts and income growth. This unprecedented growth has made the retail sector a prospective target for cyber criminals. As per Gemalto’s Breach Level Index, the sector globally has been a regular target, with around 747 data breaches recorded in the last four years since 2013.
Also, given the rapidly changing digital retail landscape and the sector being one of the biggest sources of personal and financial information of its customers, it is really important for retailers to protect customer data against ever-evolving sophisticated cyber criminals and insider threats.
From a security and privacy perspective, Gemalto recommends retailers a three-step Secure the Breach approach that takes into account where your data resides, how you store and manage that data and who has access to it. The process includes:
Attacks More ‘Sophisticated’ Than Ever!
With IT network architectures growing in retail businesses, and in order to sustain themselves in a competitive market, retailers are adopting new forms of technology; digital business models in particular are ‘Hot’. Today almost every retailer admits to having been the victim of a security threat, owing to which they have had to increase server security.
Commenting on the growing forms of attack, Rana Gupta feels that the use of online banking, payment wallets, and credit and debit cards for shopping has grown significantly. According to a recent ASSOCHAM report, the recent demonetisation leading to a reduction in cash transactions, along with improvement of online banking facilities, has been a huge opportunity for the Indian online and offline retail sector. The report also indicates that in 2016, about 69 million consumers purchased online, which is expected to cross 100 million by 2017. Going forward, these consumers will be using the above-mentioned tools for payment, which will further put the sector on the radar of cyber-criminals. So protecting financial data has never been more important.
While any industry is prone to the three categories of cyber-attacks – those being Data Privacy Breaches, Data Integrity Breaches and Denial of Service Breaches – the retail sector has so far primarily witnessed breaches in the categories of Data Privacy and Denial of Service; however, it won’t take long for breaches in the category of Data Integrity to catch up.
Zeina Zakhour says:
• Point-of-sale attacks have been the preferred form of cyberattack targeting the retail sector, especially in the segments that have not yet adopted chip-based EMV payment card technologies.
Big Question? How To Be Safe!
Zeina Zakhour says the retail industry is a customer-experience-oriented industry, implementing new technologies in order to empower and customize personal experience. Therefore, its cybersecurity strategy should enable and secure these new consumer-centric digital transformations through:
Rana Gupta notes that breaches will continue to happen; to expect otherwise would be to not understand the depth of the situation. But as their scale and complexity grow, focusing on them first would take up all of an organization’s IT security bandwidth. A better starting point is to know what you are trying to protect and then apply the three-step process to secure the data.
However, the retail sector overall has taken significant steps to stop cyber-attacks, particularly at the point of sale, as reflected in our 2016 Breach Level Index report. Retailers had 215 data breaches in 2016, down 10% from 239 the year before and accounting for 12% of the total globally. Additionally, the number of records stolen declined 18.8% to 32.5 million from 40.1 million in 2015.
DDoS, the True Security Infiltrator
Distributed denial-of-service (DDoS) attacks are a real challenge for retailers, particularly during peak season. An organisation's websites might be taken down, and there can also be physical disruption: for example, lift systems in shopping centres may be disrupted, impacting retailers and consumers.
In terms of what organisations can do about it, the first point is technology: make sure you have the right processes and technology in place to mitigate the attack itself. You can also conduct effective threat intelligence to anticipate when an attack is likely to happen. Lastly, the business has a role to play: make sure the business is ready to respond and knows what its role is in responding to a DDoS attack.
Zeina Zakhour says DDoS attacks can vary in volume and type, and organizations should implement a DDoS mitigation service that can protect against all of them. Protocol-based attacks and application-layer attacks can be addressed by enhancing the infrastructure of the organization with adapted defense appliances.
However, voluminous DDoS attacks will require that companies subscribe to scrubbing center services, which can filter legitimate traffic from the DDoS traffic and allow businesses to sustain large-scale attacks. For example, the Dyn DDoS attack in 2016 reached over 1 Tbps at its peak, thanks to a large-scale IoT botnet. Organizations should review their strategies based on these new emerging threats.
Rana Gupta asserts that DDoS attacks have reached new levels of sophistication, especially over the past year, and the retailers or enterprises which have fallen victim to such attacks experienced loss of consumer confidence and reputation damage. For these kinds of attack, traditional protection, such as firewalls and intrusion detection, is no longer enough. In fact, in some cases firewalls actually aid cyber criminals in their process by becoming the bottleneck that crashes the site. It is imperative for retailers to implement a strong authentication mechanism that varies as per the role and risk associated. Implementing a solution that allows PKI-based authentication for administrative roles, mobile-based One Time Password authentication for (say) vendors accessing its site, and hardware-based One Time Password authentication for (say) its employees to allow for access to any IT assets shall go a long way in minimizing DDoS attacks.
The Epicenter of Today’s ‘Cyberattacks’
With information growing exponentially in value and volume, cyber risks pose a serious threat to governments, businesses, economies and individuals. Major economies practice extensive cybersecurity regulations to shield their classified documents and fisc.
Curious about the geographic origins of these malicious attacks and their impact on India's digital-front retail sector, we asked Zeina Zakhour. She said the Indian retail industry is not immune to these attacks. The industry needs to seriously evaluate its security infrastructure and beef it up with modern monitoring and defense systems. Especially with the growth in digital channels (for customer service, payments and loyalty programs), the need for customer education will be highly critical. With a large workforce gradually getting inducted into the retail sector, they need to be made aware of such risks and the safeguards that will have to be set up actively.
Rana Gupta, meanwhile, explains that most modern security attacks start with a very fast but undetected breach, followed by an extended period of time where the hacker silently siphons off data. With the growing use of the Internet of Things (IoT) and operating technology (OT) in the retail sector, these devices are increasingly becoming the biggest target of cyber criminals. In fact, recent breaches in the retail industry, including those of retailer Office and eBay, may have been greatly mitigated by the use of Point-to-Point Encryption. Yet, according to our research, only 24% of respondents are currently implementing P2PE solutions. These hackers are also customizing their attacks to the regions, types of industries and languages, and India is no exception to this.
It’s time retailers learned about the evolving tricks of the trade of cyber criminals.
Zeina Zakhour takes the last word by citing that Atos works with retail clients on various security projects depending on their needs and current security posture. For customers who want to update or build their security strategy, our security consulting teams are mobilized to run security risk assessments and help our customers identify their vulnerabilities and the major threats to their business, and to build a security action plan and roadmap. We also work with our customers in deploying the necessary security controls to protect them from cyber-attacks. We have deployed our own IAM solution (Bull Evidian) to protect POS and supply chains, and deployed our own encryption product lines (Bull Trustway) to encrypt and protect consumers’ personal data. Bull is the Atos brand for technological products. Also, we have been working with customers to monitor their infrastructure 24/7 through our 14 Security Operation Centers (out of which 2 are in India) and to detect abnormal behavior in real time (from insider suspicious activities to intrusions and cyber-attacks) and immediately neutralize and contain such attacks.
Speaking about Atos’ key solutions for the retail sector, Zeina added that a security-as-a-service model will be the best business model for the retail sector, as retailers will have access to security expertise and capabilities that they cannot grow in-house (due to cost reasons, but also the security expertise shortage in the market).
By relying on a trusted security partner, retailers can focus on their core business. Such a business model is a consumption-based model, where retailers have limited upfront investments and can extend the monitored perimeter or the scope of services on demand, depending on the changing threat landscape, the new security technologies and the new services they build and launch for their end customers.
Such a model also provides the retailers with cyber security expertise on demand in order to perform advanced forensics analytics, penetration testing or a security risk assessment when needed.
‘Safe Future’ of Indian Retail Sector
The growing online cult in India will bring the advent of lucrative and efficient business models. Whatever the nature of the retail business, upgrading IT and security infrastructure will be key for Indian retailers to win the game, rather than sweeping things under the carpet only to stumble over their own feet in the long run.
Overall, security will inscribe the fate of retail business and strategy will win.
A generic movie-buff, passionate and professional with print journalism, serving editorial verticals on Technical and B2B segments, crude rover and writer on business happenings, spare time playing physical and digital forms of games; a love with philosophy is perennial as trying to archive pebbles from the ocean of literature. Lastly, a connoisseur in making and eating palatable cuisines.