04/21/2025 | Press release | Distributed by Public on 04/21/2025 07:57
While retail cybersecurity concerns only gain attention as the holiday shopping season approaches, the reality is retail is a 24/7/365 operation and so are its associated security issues.
Recently, we sat down with Craig Searle, Director, Consulting & Professional Services in Pacific at Trustwave, to discuss the security moves retailers need to have in place.
Question: Let's start off in your neighborhood and explore the Australian retail space for a moment. Is there anything unique to this region?
Craig Searle: One element unique to the Australian market is the designation of the major grocery chains and some of their suppliers as Security of Critical Infrastructure (SOCI)-obligated. Being labeled as such means those entities have enhanced cybersecurity requirements and reporting (in the case of a breach) mandated by the Federal Government.
Otherwise, and for the most part, the retail market is becoming increasingly homogenized.
This homogenization is primarily due to the scale and reach of big online retailers like Amazon and Temu, which operate worldwide. These and similar retailers must understand the threats arrayed against them and take all the usual cybersecurity precautions across their entire global infrastructure. A great place to learn these necessities is in Trustwave SpiderLabs Research: Defending the Retail Sector in 2024.
Question: On a broader scale, what do retailers need to be doubling down on right now to secure their environments outside of the usual recommendations?
Craig Searle: Plans must be in place and regularly tested. These include incident response and recovery, disaster response, and business continuity.
During this period, time is money, so ensuring any downtime is minimized is crucial. Trustwave also recommends conducting a security assessment of all core applications and infrastructure before a period of increased traffic, such as Black Friday. These precautions will help identify potential security issues and build in enough time to address them ahead of time.
Question: How can retailers manage seasonal fluctuations, specifically the peak shopping periods with increased customer traffic and transaction volume?
Craig Searle: It really comes down to the Five P's - Prior Planning Prevents Poor Performance.
Retailers know their busy and slow-selling periods, so they must plan accordingly. IT teams can use this time to create a security and compliance calendar. Additionally, slack periods can be used to implement significant system changes and upgrades and to test new platforms.
Then, as a business approaches a busy period, it should practice and optimize response plans, etc., so when activity increases, you can be confident that systems are tuned and ready to perform.
Retailers should also not overlook their supply chain. They must ensure providers can scale their services according to those business needs and busy periods. When a third party understands your business's drivers and cycles, it can plan accordingly and provide the support you need.
Question: What do you see as the promise (or risk) of Gen AI for retailers?
Craig Searle: GenAI for retailers definitely holds a lot of possibilities. It will be able to analyze buyer trends and behaviour, allowing a business to make predictions about what and when to sell. Next, it can lead to better automation and customer interaction via AI-powered chatbots.
From a cybersecurity perspective, the adoption of GenAI is a foregone conclusion. Our role isn't to hold back the tide of technological advancements but instead to offer businesses guidelines and help to ensure they safely adopt GenAI.
These recommendations can include the development of risk frameworks, analysis of data handling, and even penetration testing of the AI platforms/integrations themselves to confirm they are secure.
Question: For more of a consumer angle, can you share some of the top things you personally do/don't ever do while shopping online?
Craig Searle: From a payment perspective, I recommend avoiding providing your payment card directly whenever possible. If the retailer offers payment via PayPal, Apple Pay, or Google Pay, then these options can provide added safety and the benefit of avoiding any potential issues with the retailer storing your card data deliberately or inadvertently. In addition, the providers often also provide very favourable handling, from the customer's perspective, of chargebacks and dispute resolution should that ever be required.