Securing Retail Summit

Securing the e-commerce revolution

13th June, 2023 • Online

 

As customers move online, hackers follow. Protecting retailers and their clients is critical. But how?

 

“We want to keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.”
– Dr Ian Levy, Technical Director, the National Cyber Security Centre

 

Retailers and those that manage their network infrastructure are among the most frequently targeted victims of cyberattacks. According to a recent survey, 24% of cyberattacks target retailers, with credential phishing, malware, ransomware and DDoS attacks the commonest threat vectors.


It’s perhaps no surprise that the industry is so targeted. The prize for the hackers is a treasure trove of easily monetizable data. Retailers store vast quantities of payment and card data as a result of heavily digitalised e-commerce models; they retain vast troves of additional personal data to fine-tune the personalised marketing and e-commerce portals upon which they depend.


Retailers are also easier to hack than some other sectors. They have been forced online and on to mobile not just by COVID but by rapidly changing customer habits. So they have to maintain constantly updated e-commerce sites, even the simplest of which rely on an ecosystem of applications, browsers and proxies that contain vulnerabilities allowing hackers to compromise all elements of the order and payment process. The recent ‘Natural Fresh skimmer’, for example, shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form.


They also have to offer omnichannel payment options, constantly expanding their attack surfaces as the next Klarna, Venmo or Zelle comes along. They interact with voucher schemes and rewards schemes, often using sophisticated EPOS machines to gather yet more data. And they rely on third-party systems, such as payroll suppliers, which have also been hacked.

 

Retailers are also vulnerable because their customers are. Retail customers straddle all age groups and demographics, and they are themselves constantly targeted by retailers’ marketing messages online and via apps, with the consequent possibility that those messages can be copied and falsified in ever smarter social engineering scams offering discounts and deals.


The penalty for being successfully attacked is also very high in the retail sector. Brand reputation is critical and can be lost easily if customers lose money to scams. DDoS attacks on e-commerce sites can cost seven-figure sums per hour in lost revenues (imagine a pizza company that can’t take orders – its customers are hungry, not loyal).


So, why are retailers also among the most breached companies around? Being an attractive target does not by itself guarantee a loss; the companies must also need better defences than they apparently have.


In the past, even large retailers were very publicly not in compliance with key standards, storing passwords in plain text and ignoring basic cyber hygiene. There are still problems with transparency and with taking cybersecurity seriously at significant organisations, and simple hacks are still causing chaos.

 

So, what should retailers be doing to achieve cyber best practice? How can they secure such valuable and vulnerable estates? And what techniques and technologies suit them best?



The e-Crime & Cybersecurity Retail Summit will take place online and will look at how cybersecurity teams are tackling this new world. Join our real-life case studies and in-depth technical sessions from the security and privacy teams behind some of the world’s most admired brands.

  • Where can AI / ML solutions help the retail sector?

    • Online stores need proactive, not reactive, cybersecurity.
    • In an era of instant payments and chargebacks, mistakes are harder to rectify after the fact.
    • Are AI and ML the only answer to the problems of attack volume, stealth and sophistication in retail? 
  • Securing e-commerce: avoiding the obvious errors

    • We still find ourselves talking about Java, cross-site scripting, SQL injection and a host of other hacking techniques which are years old.
    • Why are companies still falling victim to known problems with known solutions?
    • How can your solutions help banish the golden oldies of the cybersecurity world?
  • Zero trust, IAM and PAM

    • In retail as elsewhere, the disappearing perimeter creates a critical challenge.
    • Securing remote working, new networks and new infrastructure requires a rethink of identity and access management.
    • Is zero trust the way to go and what technologies and techniques are required to implement it?
  • Keeping customers safe to keep retailers safe

    • Mass retailing means huge customer bases, and constant digital marketing over email, SMS and social media.
    • This gives hackers an almost infinite variety of ways to trick, phish and scam their way to critical identity and payment data.
    • What technologies should retailers be using to foil these attacks and how can their customers avoid loss?
  • Securing next gen payments

    • The move towards non-cash payment methods during the crisis has been extreme and looks irreversible.
    • Consumers are faced with a bewildering array of payment methods and platforms, including crypto.
    • How do we go about securing a world in which most, perhaps all, payments are digital?
  • PCI DSS – not down, not out

    • No public breach in the card data space has occurred at companies who fully complied with the PCI DSS standard.
    • With PCI DSS 4.0, an up-to-date framework now exists and should be followed.
    • Can you help retailers comply?

Who attends

Job titles

Security Architect
Business Systems Manager
Principal DevOps Engineer
Senior Information Security Engineer
Information Security Lead
Information Security Officer / Interim DPO
Information Security & Compliance Officer
Head of Detection and Response
Group IT Security and Compliance Manager
PCI DSS Compliance Manager
Incident Problem Manager
Principal Information Security Architect
Head of Information Security and IT Operations
Internal Digital Audit Manager
Partnership CISO
Digital Assurance Analyst
Security Analyst
Group Information Security Manager
Cloud Security Operations Lead
CISO
Head of IT
Physical Security & Investigations Manager
Cyber Security Manager - Incident Response
IT Director
Fraud Operations Manager
Senior Compliance Officer
Data Protection Administrator
PCI Analyst
Security Architect
Security Architect
Head of Technology - Reliability Engineering and Operations
Information Security Team Lead
Cyber Security Consultant
Cyber Security Resilience Lead
Information Security Risk and Compliance Manager
Security Compliance Manager
International Director
Information Security Architect
Head of Audit
CTO
Investigation Specialist
Group Information Security Manager
Head of Information Security Risk and Governance
Compliance Consultant
Information Security Analyst
Information Security Auditor
Cyber Security Assurance Specialist
Cybersecurity Engineer
Senior Cyber Security Manager
Digital Security Manager
Compliance Security Analyst
Information Security Manager
Head of Cyber Defence
Investigation Specialist
Former Head of Security Culture & Competence
Payments and Partnerships Lead
Group Privacy & Security Director
Group Compliance Analyst
Information Security Manager
Cyber Security Manager
Information Security Analyst
CISO
Data Security & Controls Manager
IT & Information Security Manager
Information Security Auditor
CISO
Director of Cyber Security & Compliance
Head of Information & Cyber Security
IT Security Lead
Information Security & Data Privacy Leader & DPO
Group Data Protection Administrator
Vulnerability Testing Manager
Principal Security Architect
IT Risk and Compliance Analyst
Compliance Lead
Head of Security and IT Risk Management
Senior Compliance Officer
Insurance Manager
Information Security Analyst
Global Information Security, Payments & Privacy Lead
Director of Information Security
Senior Manager ISSCA Consultancy Services - ISA
Group Information Security Officer
Head of Information Security
Head of Cyber Security and Risk
Information Security Officer
Senior Information Security Analyst
Group Data Protection Officer
Senior Security Engineer
Information Security Officer and Infosec Lead
Senior InfoSec Analyst
Senior Information Security Analyst
Senior Information Security Analyst

Companies

Currys plc
Wynnstay Group plc
NEXT
River Island
Pentland
Boden
B&S World Supply
OVO Group
Theo Paphitis Retail Group
Stonegate Pub Company
ASOS plc
Sainsbury's
Kurt Geiger
Kingfisher plc
John Lewis Partnership
Kingfisher plc
WHSmith
JD Sports Fashion plc
Deliveroo
Footasylum
S & T Audio Ltd
Tesco
John Lewis Partnership
Charles Tyrwhitt
Sainsbury's
NEXT
ETEL (European Tyre Enterprise Ltd)
Sainsbury's
Clarks
Specsavers
ASOS plc
PayPoint
Wickes
Halfords
Domino's Pizza
The Co-operative Group
PCI Security Standards Council
JD Sports Fashion plc
Waterstones
The Range
Sainsbury's
Boohoo.com
Frasers Group
Maridnach
JD Sports Fashion plc
JD Sports Fashion plc
Howdens Joinery
Clarks
Currys plc
Domino's Pizza
Marie Curie Cancer Care
John Lewis Partnership
Frasers Group
Sainsbury's
H&M
OVO Group
Halfords
Odeon Cinemas
Costa Coffee
Arco
Sainsbury's
Dubai Media Incorporated (DMI)
The Co-operative Group
Waterstones
Paragon Customer Communications
LUSH
Lumanity
Card Factory
END.
IKEA Group
ETEL (European Tyre Enterprise Ltd)
Frasers Group
Halfords
The Walt Disney Company
Kingfisher plc
Clarks
JD Sports Fashion plc
Matalan
Sainsbury's
Costa Coffee
OVO Group
BT
Harvey Nichols Group Limited
All Saints Retail Ltd
N Brown Group
River Island
Dunelm Group plc
ETEL (European Tyre Enterprise Ltd)
All Saints Retail Ltd
Specsavers
Sainsbury's
All Saints Retail Ltd
John Lewis Partnership

Industries

Retail