There’s something uniquely gratifying about a shopping bag full of new goods or a big brown box waiting on the porch. The American love affair with shopping is legendary. Whether it’s downtown, at the mall or online, we’re always looking for a deal, the latest and greatest, or something stylish.
One of the biggest problems facing retailers is that criminals have become adept at cloaking their attacks. Perimeter security – firewalls, malware sandboxes and intrusion prevention – is no longer enough to deter or catch determined hackers. Attackers can get past defenses by mimicking benign traffic. But inside the network, they must behave in certain ways to carry out their crime. While these patterns of activity are often successful, they also represent an attacker’s key weakness.
What’s needed is a new cybersecurity model that employs the latest advances in artificial intelligence (AI) and machine learning. If organizations can immediately spot the tell-tale behaviors of attackers, they can isolate and eradicate them before they wreak havoc across the business.
Thanks to AI and machine learning, a new generation of security tools can automate detection of, and response to, the hidden cyber-attackers that so often evade corporate defenses.
By dramatically reducing the time to detect, understand and resolve cyber incidents before they impact business, retailers can safeguard their revenue and profitability, brand reputation and, most importantly, customer loyalty.
Case Study: Shop Direct
Shop Direct is the UK’s second-largest pureplay digital retailer. Encompassing brands such as very.co.uk and littlewoods.com, it has almost $2.79 billion in annual sales and four million active customers.
Starting life as a catalog retailer, Shop Direct is a poster-child for digital transformation. However, with success comes risk. The 1.3 million daily visitors generate an enormous amount of data that is hugely attractive to cybercriminals.
Liam Fu, head of information security at Shop Direct, recognizes not only the evolving threat landscape but also the importance of having a holistic view of its network.
“Every organization at some point is subject to a breach, incident or cyber event,” says Fu. “The very nature of cyber-attacks today means that it isn’t a case of ‘if’ but ‘when’ you will experience a breach. The ability to quickly and accurately detect and respond to threats is paramount.”
Retailers need to detect and isolate threats to know what they’re up against, and respond fast. For regulators, the way you respond after a breach is critically important, which is why closing the gap between compromise and detection matters so much.
Using AI and Machine Learning to Find Attackers
By applying AI and machine learning, retailers can quickly identify where attackers are hiding and what they are doing. The highest-risk threats can be instantly prioritized by detecting the tell-tale behaviors of an attacker. Threats can be automatically scored and correlated with compromised hosts to provide a narrative of a developing attack.
AI also enables automation, which reduces the workload of retailer security analysts by speeding up incident response. At the same time, machine learning ensures threat detection and response become increasingly adept at spotting hidden and unknown threats.
Such AI-based systems are not a panacea for the problem of cyberattacks; they must dovetail with other security technologies, from cloud and data center workloads to user and IoT devices. The principle of identifying attackers by their behavior represents a sea-change in the way that retailers and other businesses can combat criminals.
Thanks to new models of threat detection and response, retailers can respond much faster to stop attackers before they do damage while developing stronger safeguards for their reputation, data, and consumers.
As the dynamics of trust and loyalty between brands and customers continue to shift, strategic investments in cybersecurity will have a more direct impact on business success.
Chris Morales is head of security analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise customers. He has nearly two decades of information security experience as a security industry analyst and security consultant. Chris is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.