The document discusses cloud security in the retail sector, emphasizing the growing adoption of cloud technologies and the increasing cyber threats these businesses face. Key statistics are highlighted, including a significant percentage of consumers distrusting retail security and the high costs associated with cybercrime. To mitigate threats, it proposes comprehensive security measures, including continuous monitoring, robust access policies, and effective patch management.

1. Cloud Security
For Retail01
How Not To Make
The Headlines:
Kevin Linsell
Director, Strategy & Architecture
Adapt
Richard Cassidy
Technical Director
Alert Logic
5 Ways To Kill The
Cyber Security Threat

2. How Not To Make The Headlines...

3. Kevin Linsell
Director, Strategy & Architecture
Adapt
What’s Going On Out There?

4. 04 Cloud: The Retail Enabler04
Source: IDC FutureScape, 2015
as many retailers as now
will explicitly underpin
their customer and
operations strategies on
3rd platform technologies
by 2017
3x

5. Cloud Adoption Trends05
Sources:
1. Cloud Industry Forum, 2015 (n=250)
2. Adapt Cloud Adoption Survey, 2015 (n=200)
2
years on:
84%
of UK businesses use cloud
services today1
48 53 61 69 78 84
52 47 39 31 22 16
0%
20%
40%
60%
80%
100%
2010 2011 2012 2013 2014 2015
And 78%
use more
than one
cloud-based
service1
32%
22%
35%
43%
16% 29%
7% 7%
9% 8%
2014 2015
One Two Three Four Five+
38%will increase their
cloud adoption
25%will refine their cloud
environment
18%will transform their
cloud environment2

6. An Evolving Landscape06
Early 2000s Mid 2000s 2015 & Beyond
Always
Online
Smartphone
Revolution
End Of The
Dot.com
In Pursuit Of
Omni-Channel
Shopping Trolley
Goes Mobile
Brick & Mortar +
1-Way Online
HybridVirtualPhysical
Advanced, Multi
Vector Attacks
Proliferation &
Organisation
Basic Malware,
Solo Mischief
Consumer
Technology
Data Centre
Retail
Threats &
Attacks

7. 07 Stats That Keep You Up At Night…07
Sources: 1. The UK Cyber Security Strategy: Landscape Review – NAO 2013
2. ACI Worldwide, 2014
Almost 33% of online consumers don’t
trust retail security2
£35,000 to £65,000 is the average cost of
SME cyber/data loss1
The cost of cyber crime in the UK in 2013 was estimated to be between
£18 billion & £27 billion1
7,000 Distributed Denial of Service (DDoS)
attacks daily1
For larger businesses, the average cost is
£450,000 to £850,0001

8. Richard Cassidy
Technical Director, Alert Logic
The Retail Cyber Kill Chain

9. 09 The Retail Cyber Kill Chain
1 – IDC Worldwide Security and Vulnerability Management 2014–2018 Forecast
2 – M-Trends 2015: A View from the Front Lines
Attacks are multi-stage using multiple threat
vectors
On average, it takes organizations 205 days to
identify they have been compromised1
Over two-thirds of organizations find out from
a 3rd partythey have been compromised2
IDENTIFY
& RECON
INITIAL
ATTACK
COMMAND
& CONTROL
DISCOVER/
SPREAD
EXTRACT/
EXFILTRATE

10. 010 Cybercrime: The Main Offenders
Cyber Criminal
Hacktivist APT

11. 011 Cybercrime: The Main Enablers
Anonymity
Crypto Currencies
Underground Market

12. 012 Have You Been Affected?
Source: Alert Logic CSR 2015. n=3026
39%
24%
22%
9%
6%
App Attack Brute Force Suspicious Activity Recon Trojan

13. 013 Why Are You Of Interest?
Large volumes of
personal/ financial data
eCommerce
Application
Diverse, physically
insecure infrastructure

14. Richard Cassidy
Technical Director, Alert Logic
Kevin Linsell
Director, Strategy & Architecture, Adapt
How To Kill The Cyber
Security Threat

15. 015 Continuous, End-to-End Protection
Continuous
protection
from threat &
exposure
Threat
Intelligence
& Security
Content
24 x 7
Monitoring
&
Escalation
Your IT
Environment
Cloud, Hybrid
On-Premises
Network Events &
Vulnerability
Scanning
Log Data
Web Application
Events
Data
Collection
Big Data
Analytics
Platform

16. 016 5 Ways To Kill The Cyber Security Threat
Stay Informed &…
Best Practice
 Secure your
applications first
 Create robust
access management
policies
 Adopt a patch
management
approach
 Review logs
regularly
 Build a security
toolkit
1 Assume the worst can (and will!) happen
2 Fully assess what is at risk
3 Give responsibility to the right people
4 Plan for rapid recovery
5 View strong risk mgmt & security as an enabler

17. 017 Security: A Shared Responsibility
ServiceProviderResponsibility
Foundation Services
(ISO 27001 compliant)
Hypervisor & OS
• Firewall & perimeter security services
• Segregation of Adapt & Customer Networks
• Regular Pen-tested network
• Accredited platform design & build
• Controlled access for customers
• Guest OS hardening
• Patch management
• Infrastructure updates
• Client access management
• Permission policies
• Security monitoring
• Log analysis
Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
• Network threat
detection
• Security monitoring
• DDoS ProtectionNetworks
Compute Storage DB Network
CustomerResponsibility

18. Get in touch:
kevin.linsell@adapt.com
@kevlinsell
@domore_Adapt
Richard Cassidy
rcassidy@alertlogic.com
@rvcassidy
Thanks For Listening!
Visit us at
Adapt.com