Why retailers must adopt a Zero Trust approach during this holiday season

November 4, 2021  |  Nahla Davies

This blog was written by an independent guest blogger.

The pandemic accelerated a trend that was already gaining increased traction: the preference for shopping online. The last eighteen months have brought a surge to the eCommerce industry, with consumers of all ages learning how to order items online. 

Competition has never been fiercer for online retailers, which means it’s not just quality products and customer service that companies must focus on. Ensuring that customers stay safe from cyber criminals while completing online transactions is of utmost importance in today’s environment. 

Each year, more and more small businesses fall victim to cyber criminals, and that number is only expected to rise in the future. While retailers still need to focus on protecting employees and the systems and databases they utilize, there must also be a renewed focus on protecting customer data. In many cases, protecting customers means embracing a zero trust approach towards cybersecurity. 

Today, we’ll delve into the concept of the zero-trust approach and explain why this is the safest option for retailers. We’ll also discuss some examples of how this model can be integrated into existing cybersecurity approaches.  

What is the zero trust model?

The zero trust security approach, sometimes referred to as perimeter-less security, is based on the concept that no one should be trusted by default. In perimeter-based models, the system will trust user credentials if they are, say, logged in to the corporate VPN or if they are using a pre-registered device. The zero trust model has been adapted to address increasingly sophisticated cyber-attacks that can hijack a user’s credentials, device, or network to gain access to a system.

The zero trust approach still authenticates users based on passwords, among other traditional security procedures. However, the zero trust model goes a step further by adding further layers of verification to confirm the user's identity, such as multi-factor authentication and checks on the location and type of device being used.

For example, an employee or customer might be prompted to record their cell phone number when they sign up for an account. This number would receive a code via text as an additional verification step when logging into the account. Even if the device has logged in before, the user will still be prompted to verify, hence zero trust.
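The contrast described above, as an added example that is not part of the original post: a perimeter-style check and a zero trust check evaluated against the same login made with a stolen password from a hijacked, pre-registered device. The class names, policy rules, decision strings and sample values are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Login:
    password_ok: bool             # result of the traditional password check
    on_vpn: bool                  # connected through the corporate VPN
    device_id: str
    device_type: str
    country: str
    code: Optional[str] = None    # one-time code typed by the user, if any

@dataclass(frozen=True)
class Account:
    known_devices: frozenset      # pre-registered device ids
    device_types: frozenset       # device types this account may use (assumed policy)
    countries: frozenset          # locations this account normally uses (assumed policy)

def perimeter_decision(login: Login, acct: Account) -> str:
    # Perimeter model: password plus VPN or a pre-registered device is trusted.
    trusted = login.on_vpn or login.device_id in acct.known_devices
    return "allow" if login.password_ok and trusted else "deny"

def zero_trust_decision(login: Login, acct: Account, issued_code: str) -> str:
    # Zero trust: nothing is trusted by default, known device or not.
    if not login.password_ok:
        return "deny: password"
    if login.device_type not in acct.device_types:
        return "deny: device type"
    if login.country not in acct.countries:
        return "deny: location"
    if login.code is None:
        return "challenge: text a code"
    # Constant-time comparison of the submitted and issued codes.
    if not hmac.compare_digest(login.code.encode(), issued_code.encode()):
        return "deny: code"
    return "allow"

# Constructed sample data: stolen password used from a hijacked, registered laptop.
ACCT = Account(frozenset({"laptop-01"}), frozenset({"laptop", "phone"}), frozenset({"US"}))
STOLEN = Login(True, True, "laptop-01", "laptop", "US")

if __name__ == "__main__":
    print(perimeter_decision(STOLEN, ACCT))
    print(zero_trust_decision(STOLEN, ACCT, "492817"))
    print(zero_trust_decision(replace(STOLEN, code="000000"), ACCT, "492817"))
    print(zero_trust_decision(replace(STOLEN, code="492817"), ACCT, "492817"))
```

The same request that the perimeter check allows is held at the code challenge under zero trust, and only the holder of the registered phone can complete it.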

Why adopt a zero trust approach?

With high-value transactions occurring online more often than ever, protecting customer financial data is paramount. Studies show that more than half of Generation Z have already invested before the age of 25, often using fintech apps like Robinhood that facilitate financial transactions. Cryptocurrency payments are also becoming increasingly common. This means retailers who do not make it easy for consumers to spend safely online will have trouble competing in the future.

What’s more, companies around the world have been migrating to the cloud instead of using dedicated hosting. The unlimited storage offered by the cloud makes scalability easier. Cloud-based storage has also proven more practical for connecting remote workers during the pandemic and beyond.

And while there are many benefits to using cloud-based servers, these environments also provide unique opportunities for hackers. Perhaps this is why some companies have lagged behind in the race to the cloud, still opting to manage their own networks and use dedicated servers.

According to web developer Alex Williams from Hosting Data, companies would be wise to opt for dedicated cloud hosting if security is the sole concern. 

“Security is extreme in this setup, to safeguard sensitive data stored on the server network site,” says Williams. “In one sense, security risks are lower as there are no tethered accounts transferring potential infected files across the server. On the other, providers take great care to use the most state-of-the-art scanning systems to search for spammers, hackers and viruses.”

But the benefits of cloud-based computing are often too big for companies to ignore. Companies that use the cloud have peace of mind regarding their data. They have confidence knowing that all the information stored on the cloud is being backed up. It is not vulnerable to being destroyed by incidents such as natural disasters, which are all very real concerns for physical servers.

With the popularity of cloud computing inevitably comes the responsibility to shore up cybersecurity protections. According to a global survey, 72% of respondents have plans to adopt a zero trust framework or have already done so, with 42% of respondents already in the early phases of adoption. 

Modern retailers who rely on online shopping cannot afford to have any business disruptions associated with cybersecurity incidents or network downtimes. Interestingly, the pandemic has heightened customer expectations when it comes to eCommerce, despite supply chain problems and other disruptions. Online shoppers expect to easily browse items, complete transactions, and receive orders within a very quick time frame. And if they’re not satisfied with their online experience with one retailer, they have no qualms about switching over to another.

How can the zero trust model protect retailers?

In today’s environment, employees are no longer completing all of their work at an office. Work from home has exploded in popularity, as has the number of devices being used to access work emails and files. As the line between home and work blurs, it’s also common for employees to use their personal phones or tablets for work-related tasks. Therefore, ensuring mobile devices are protected from cyber-attacks is essential.

Embracing a zero-trust model heightens requirements for user authentication and protects employees and customers alike. By implementing this additional layer of security, retailers can greatly limit culpability in the event of a data breach or cyber attack. 

Even if sophisticated cyber criminals are able to break into databases and steal usernames and passwords, they will rarely be able to get past this additional layer of security. The zero trust model is the modern answer to the problem of increasingly common yet sophisticated cyber-attacks. 


While the transition to cloud-based computing is often blamed for cybersecurity vulnerabilities, the truth is, no one is fully safe from cyber criminals. Retailers that want to embrace all the benefits of online shopping and companies that seek to safely maintain WFH arrangements must also take a serious stance when protecting customer data. 

The zero trust model has been proven effective in limiting the scope and frequency of cyber-attacks. Retailers around the world should look to implement zero trust security if they want to remain competitive and keep their employees and customers safe from malicious hackers.
