2024 Cyber Resilience Research: Aligning Retail Cybersecurity with Business Priorities

Read Time:3 Minute, 31 Second

New data illuminates how retail leaders can prioritize resilience.

In today’s retail environment, businesses embrace dynamic computing and other technological innovations to enhance operations and customer experiences. However, as these advancements accelerate, so does the risk of cyber threats.

The 2024 LevelBlue Retail Report reveals a significant challenge for retail leaders: aligning cybersecurity strategies with broader business objectives to ensure a resilient future, especially in securing the increasingly complex supply chain.

Dynamic Computing: Opportunity and Risk

Dynamic computing offers retail businesses unparalleled opportunities to innovate and gain a competitive edge. By processing data closer to the source, retailers can develop groundbreaking services, optimize their supply chains, and deliver more personalized customer experiences. According to the report, 86% of retail executives anticipate that dynamic computing will improve operational performance within the next three years.

However, this optimism comes with a cautionary note—82% of retail respondents also acknowledge that these innovations increase their exposure to cyber risks, particularly within the supply chain. As retail operations become more interconnected and reliant on advanced technologies, the potential for cyber attacks grows, making robust cybersecurity strategies more critical than ever. The complexity of modern supply chains, with their numerous vendors and touchpoints, only amplifies the risk, as each link in the chain could be a potential vulnerability.

Get your complimentary copy of the report. 

The Misalignment Between Business and IT

 

Despite the clear risks associated with technological innovation, there remains a troubling disconnect between business objectives and IT priorities in the retail sector. The report highlights that while business leaders are eager to drive innovation, they often overlook the need to integrate cybersecurity into their strategic planning. This misalignment leaves organizations vulnerable, particularly in their supply chains, as cybersecurity measures are frequently treated as afterthoughts rather than integral components of business success.

One of the most striking findings in the report is that 83% of retail executives do not view cyber resilience as a whole-organization priority. Instead, it is often siloed within IT departments, with limited engagement from other parts of the business. This fragmented approach undermines the effectiveness of cybersecurity efforts and exposes the organization, especially its supply chain, to greater risks.

 

 

 

Strategies for Alignment

To bridge the gap between business objectives and IT priorities, retail leaders must adopt a more integrated approach to cybersecurity, with a particular focus on the supply chain. Here are some key strategies to consider:

1. Proactive Risk Management: Retail executives must involve IT and cybersecurity teams in the early stages of strategic planning. By doing so, they can anticipate potential risks in the supply chain and develop proactive measures to mitigate them rather than reacting to threats after they occur.

2. Cross-Departmental Collaboration: Breaking down silos between IT, supply chain management, and other business units is essential for aligning cybersecurity with business goals. Regular communication and collaboration across departments can ensure that cybersecurity is considered in all business decisions, particularly those affecting the supply chain.

3. Prioritizing Cyber Resilience: Cyber resilience should be recognized as a critical business imperative, not just an IT concern. By elevating its importance within the organization, retail leaders can secure the necessary resources and support to build a more resilient operation, including a secure supply chain.

4. Leveraging External Expertise: Given the complexity of today’s cyber threats, retail organizations should not hesitate to seek external guidance. Engaging with cybersecurity experts can provide valuable insights and help strengthen internal capabilities, particularly in securing vulnerable supply chain links.

 

As retail businesses continue to innovate, the need for robust cybersecurity strategies becomes increasingly urgent, especially in securing the supply chain. The 2024 LevelBlue Retail Report underscores the importance of aligning cybersecurity efforts with broader business objectives to ensure a resilient and secure future. By adopting a more integrated approach, retail leaders can protect their organizations and supply chains from emerging threats while continuing to drive forward with innovative solutions.

The stakes have never been higher in a world where dynamic computing and technological innovation are transforming retail. Retail leaders must prioritize cyber resilience as a foundational element of their business strategy, with a strong emphasis on securing the supply chain.

Download the 2024 LevelBlue Futures Report for Retail to explore these insights and more. 

Read More

Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)

Read Time:1 Minute, 0 Second

What is the Vulnerability?The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw effects the “Change Favicon” (Favorite Icon) option that can be misused to upload a malicious file ending with .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its “Known Exploited Vulnerabilities” list.What is the recommended Mitigation?Versa Networks has released a patch to address this vulnerability and has mentioned in their advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor.What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.FortiGuard Labs has blocked known malware used in campaign related to the Versa Director Dangerous File Type Upload Vulnerability. Java/CVE_2024_39717.A!exploitThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.

Read More