Skip navigation
What Retailers Should Know About Cybersecurity This Holiday Season
Industry News

What Retailers Should Know About Cybersecurity This Holiday Season

The holiday season is critical for the retail industry in the U.S., which has increasingly been facing cybersecurity challenges. Earlier this year, the Biden Administration’s Executive Order on Improving the Nation’s Cybersecurity aimed at improving efforts to “identify, deter, protect against, detect, and respond to these actions and actors.”

American consumers lost $56 billion to identity theft last year with an average of 49 million consumer victims, according to a CNBC News report. The 2021 Identity Fraud Study by Javelin Strategy & Research reports the identity fraud resulted from stolen personally identifiable information (PII) and data breaches. Retailers have to protect consumer PII and stay compliant to PCI DSS, GDPR, CPPA and more. The breaches could easily be prevented by leveraging a zero trust security posture and implementing multi-factor authentication (MFA)

The 2021 Executive Order from the White House in conjunction with the Federal Trade Commission outlined MFA as a security requirement for all federal contracts to apply to manufacturers of retail Internet of Things (IoT) devices and software. This indicates that the software systems retailers use will soon follow stricter cybersecurity hygiene practices detailed in the Executive Order. PCI DSS already requires MFA as a standard to protect PII of consumers for multi-layered protection.

“A secure authentication experience is a foundational security control for any organization. It is also the control that every employee, contractor and partner sees. Using continuous trusted access policies to manage authentication means their systems and data is protected.” —Helen Patton, Advisory CISO, Duo

Breaches don’t just impact retail consumers — retail and corporate employees also suffer consequences. Retail is critical to the U.S. economy; it added $3.9 trillion to the annual gross domestic product in 2021 and is the largest private-sector employer. With 52 million Americans working in retail, one in four U.S. jobs are in the industry, according to the National Retail Federation. As a result, there are many opportunities for bad actors to benefit from hacking campaigns that rely on the human element.

The federal government has recognized that adopting a zero trust approach, including strong MFA and device trust, is the best way to thwart ransomware and cyber attacks. With the directive including guidance for creating a consumer label law for software and mandatory reporting of breaches, there is a strong possibility that today’s guidance will become tomorrow’s regulations. MFA requires multiple factors in order to establish trusted access, including something you have (a device), something you know (a password) and something you are (a biometric). It’s virtually impossible for a hacker to have a combination of all three factors. By providing this additional layer of security, MFA can be 99.9% effective in preventing account compromise.

Retail has been hit hard over the years, from the famous Target breach to the Home Depot malware attack and TJ Maxx’s credit card breach. Retail stores have been struggling as more shoppers go online, and the pandemic knocked many out of the playing field altogether. Resources for security are not top-of-mind, but focusing on online orders and getting workers remote access is. As shoppers are starting to spend more and return to retail, security needs to be front and center not only to meet the requirements of the Executive Order, but also most compliance laws and cyber liability insurance requirements. 

Duo is more than just MFA. Our trusted access platform monitors and prevents unauthorized devices from logging into your applications and continuously monitors with adaptive access, giving permission to those who need it and blocking those who don’t. Security can be complicated, but Duo makes it easy to roll out and install for employees at all levels of access. Even if a breach occurs, Duo can contain it by preventing lateral movement to other critical applications and data. Retailers can focus on running their business and let Duo’s strong protection do the rest. 

Further Reading About Securing Retail

The Data Doesn't Lie: Lower Friction Second Factors on the Rise. Read 2021's Duo Trusted Access Report: Path to Passwordless.

Try Duo For Free

With our free 30-day trial, see how easy it is to get started with Duo and secure your workforce from anywhere, on any device.