Retailers are increasingly in the crosshairs of cybercriminals, and their growing presence on digital and social platforms is a major reason why, says John Walsh, Field Chief Technology Officer – Critical Sectors at IGEL, a Germany-founded company specializing in endpoint security.
In an interview with Retail Insider, Walsh explained that IGEL, initially known for its thin client hardware, evolved by focusing on its operating system, an architecture that supports strong security from the endpoint outward.
“As I understand it, the company was founded in Germany and the original founders started a business that was, for the most part, a thin client,” said Walsh. “It was an operating system, but they also manufactured, the hardware that went with it.”
That operating system turned out to be remarkably resilient. “We have customers we run into who are still operating the platform from 25 years ago,” he added.
Over time, the company saw the value in separating the OS from proprietary hardware. “It became recognized that the value in the platform was really the operating system and to become more agnostic of hardware, so that we could have multiple hardware partners that the operating system would run on,” said Walsh.
The OS itself brought unique security advantages. “It was a read-only immutable Linux operating system… being able to, because it’s read-only, eliminate 70 to 90% of the attack surface right at the endpoint,” Walsh explained. “It had some very unique, also, hardware root of trust features. So it was designed for security.”
This endpoint OS is centrally managed by IGEL’s Unified Management System, allowing enterprise control across edge devices. “It had a second component that is called the Unified Management System,” said Walsh. “This unified management system centrally manages the endpoints, which is a very unique characteristic when you look at some of the competitors.”
Walsh said the system enables customized user experiences while maintaining strict security and control. “We can enforce specifically by downloading through our app portal the things that you need to do your work, the user experience that you have,” he said. “So essentially this created a very lightweight endpoint and very secure endpoint, and one in which you could enforce the user experience.”
Notably, no data resides on the endpoint. “There’s no data on the endpoint,” he emphasized. “The data on the endpoint is coming from your data centre, your cloud, whatever the instantiation is of the architecture.”
IGEL’s open ecosystem now includes more than 120 partners, with another 60 in the pipeline. “So now we can bring any combination of permutation of applications, architectural platforms that you as the end user need to essentially meet your objectives or your requirements,” said Walsh.
When asked about the growing number of cyberattacks targeting retailers, Walsh said motivations vary. “Some of the objectives could be to eliminate availability of the architecture to cost them money,” he said. “At the end of the day, these big attacks are all about how does the person who’s launching the attack benefit, right?”
“They’re either trying to get personal information, credit card information,” he added. “They’re trying to create a ransomware event that would make the retailer have to pay. They may even go further in terms of creating false transactions to gain access, if you will, to merchandise and things like that they can resell.”
The endpoint is often where such attacks begin. “Typically the endpoint is where the attack begins. So there’s some sort of social engineering or thought processes around how to get to an endpoint so that they can move laterally and vertically within the architecture,” said Walsh.
A major driver of retail vulnerability is the shift to social selling. “Retail systems are beginning to use more and more social media,” said Walsh. “They’re rapidly expanding the attack surface.”
He warned that attackers are leveraging digital storefronts and mimicking brands to lure consumers. “When I get on Facebook and I’m sitting there and I see kind of maybe a deep fake of what looks like Best Buy and as it turns out, it’s not Best Buy. It’s a really good fake.”
He shared a personal experience: “I was provided an offer to get a 30% reduction in my AT&T billings. They knew my phone number, so they obviously had done a lot of the upfront work.” However, red flags eventually revealed the scam. “I began to realize that it was a ploy simply to get personal information.”
Asked whether retailers are prepared to combat these threats, Walsh offered a measured response. “I wouldn’t want to say something that would suggest that they’re not doing their best,” he said. “But I would say that there certainly are things they need to start thinking about more.”
He cited internal friction as a challenge. “There typically tends to be some friction between your CISO (Chief Information Security Officer) … and then you’ve got your CIO (Chief Information Officer),” said Walsh. “There seems to be a lot of friction as we start to look at what the risks are with some of these new attacks versus the risks associated with implementing new capabilities.”
Walsh said the industry is in a state of transition. “We’re beginning to adopt newer ways of doing things and we’re to some degree in a transition period.”
He concluded with a warning about how artificial intelligence is amplifying the risks. “The launch of AI allows you to take a lot of these things that are in the wild and you can rapidly modify them faster than we can respond to them with the traditional monitoring and detect approach.”
His advice: start with securing the endpoints and embrace Zero Trust principles. “Retail has to start thinking about Zero Trust in order to get to resilient solutions,” said Walsh. “At the most granular level, the access that you’re providing, the request that’s being made is a valid request. You’re only giving it the least privileges that are required.”
That mindset must stretch across the business. “That should be prevalent across the supply chain and across the business and the backhaul all through the organization to eliminate the insider threat and things like that,” he said.
Walsh closed by noting the gap that retail still needs to close. “There are a lot of things that the industry needs to be doing to catch up with the critical industries.”
Related Retail Insider stories:
