Stage Stores streamlines supply chain
Stage Stores is plans to close one of its distribution centers.
The retailer said that, as part of a plan to increase the efficiency of its distribution network, it will close its facility in South Hill, Virginia by the end of fiscal 2017. Stage Stores will transfer operations from the center to one of its three other distribution centers, which are located in Texas, Ohio and Nebraska.
“Our other distribution centers have ample capacity to service all of our department store and off-price locations as well as providing our e-commerce fulfillment, enabling us to streamline our distribution network and enhance efficiency,” said Michael Glazer, president and CEO.
Stage Stores operates 792 stores in 42 states under a variety of banners, including Bealls, Goody’s, Peebles, Palais Royal, Stage and 58 Gordsmans off-price stores.
Three Weak Links in E-Commerce IT Security
The pace of change in retail is faster than ever and continues to accelerate. Today’s retailers operate in a highly complex omnichannel environment that encompasses both online and in-person touchpoints. Growing consumer expectations for elevated and seamless experiences are placing pressure on retailers to make major IT investments (both online and in-store) and embrace new technology platforms to survive.
While investments in online channels are designed to help drive revenue and site traffic, bad actors are even more enticed to exploit a retailer’s growing digital presence. Because of the expanding attack surface for retailers, it is very difficult to apply consistent security policies and controls across an omnichannel environment — especially within patchwork legacy security architectures and hardware models.
The bottom line: The defenses you have in place may be inadequate to defend against rapidly evolving cyberthreats and attack vectors.
The Growing Online Threatscape
E-commerce sales in just the fourth quarter of 2016 totaled an estimated $122.5 billion, or 9.4% of all U.S. retail sales — figures that cannot be ignored by any cybercriminal. With the implementation of EMV chip card technology in October 2015, retailers are feeling the impact of card-not present fraud and must implement layers of defenses to better protect their online assets.
As fraudsters continue to shift their focus from physical to digital channels, making strategic investments in next-generation defenses can help you better detect, protect, and mitigate the following cyberthreats and vulnerabilities.
Adequate Ingest Capacity
Cyber extortion, in which companies must pay a ransom or risk a crippling distributed denial-of-service (DDoS) attack, is on the rise for retailers. A successful DDoS attack can take down your network, severely impact the bottom line, and damage consumer confidence in your brand.
With DDoS attacks increasing in size, frequency, and complexity, retailers must enhance their DDoS defenses to help ensure application availability, website uptime, and infrastructure accessibility to protect e-commerce assets year-round. Last year, the largest attack was more than 600 Gbps — highlighting the need for retailers to bolster defenses and deploy more robust DDoS mitigation solutions in order to fight back.
Targeted Firewall Scanning
A firewall contains more than 65,000 transmission control protocol ports, so hackers continuously scan systems for vulnerabilities. Even worse, targeted, more sophisticated scans are an indicator that serious cybercriminals plan to invade the network or website. Once bad actors gain access, they can steal sensitive data and deploy exploit kits that infect your critical systems with ransomware or turn your network assets into botnets.
Detecting these threats requires actionable threat intelligence as a strategic line of defense. Threat intelligence can help determine whether scans are targeted and more sophisticated (“low and slow”) so you can better identify potential port vulnerabilities and quickly mitigate the threats that pose the greatest risk first.
Undetected Data Exfiltration
While the best-case scenario is to see attackers before they penetrate the network, threat intelligence can alert retailers when their websites have been compromised. Because 86% of websites and online applications have at least one vulnerability, it’s not a matter of whether you will be targeted or attacked, but when. Considering the average retail “dwell time” for malicious activity to be discovered within a retailer’s network is 197 days, attack detection capabilities are just as important as preventive measures.
Leveraging threat intelligence helps identify two-way network communications to suspicious or known bad IP addresses, which could indicate the exfiltration of sensitive data and personally identifiable information to command-and-control servers and their botnets. This network communication visibility provides critical insights that allow retailers to respond with appropriate mitigation defenses and to allocate security resources as quickly as possible to stop attacks in progress.
We’ve all seen the headlines about breached retailers and damaging cyberattacks. In this rapidly evolving retail threatscape, proactively placing forensic investigators on retainer is an essential part of a comprehensive threat management strategy. Professional security services can conduct comprehensive vulnerability assessments and penetration testing to identify weaknesses and shore up an organization’s defenses. However, many forensic professionals and firms are backlogged.
The implications are clear: The time to secure a relationship with an incident response team is now — not after you have been compromised.
In the role of retail strategy manager for Level 3 Communications, Susan McReynolds works with customers, analysts, and industry leaders to keep a pulse on the IT trends and challenges facing today’s omnichannel retailers.
Accenture joins Target and P&G as keynote speaker at cybersecurity summit
Accenture has signed on as the title sponsor for the Retail Cyber Intelligence Summit, which will be held in Chicago, October 3 – 4, 2017. The event is sponsored by the Retail Cyber Intelligence Sharing Center (R-CISC).Registration of retailer participants is up 17% last year, according to a R-CISC spokesperson.
Kelly Bissell, managing director of Accenture Security will be the opening keynote speaker at the conference, with an addressed entitled The True Cost of Cybercrime. Vikram Desai, managing director, Accenture Security will lead a breakout session titled, Driving Security Operations Efficiency Through Orchestration and Automation.
Another keynote speaker, Rich Agostino, chief information security officer at Target Corp, will lead a session titled, “Stepping into Leadership: Staying Ahead of Today’s Threats and the Evolving CISO Role.” For a Q&A with Agostino on his approach to strategic leadership, how he is addressing the threat landscape and advice for up-and-coming leaders in the industry, click here.
Additional keynoters at the summit include Kostas Georgakopoulos, CISO at Procter & Gamble, who will lead a discussion on the next evolution of information security.
The event will also include a panel discussion entitled, “The Importance of Women in Cybersecurity.” Panelists include Deborah Dixon, senior VP, information security & risk, Best Buy Co. Roseann Larson, VP and CISO at VF Corporation and Lauren Dana Rosenblatt, executive director and global head of cyber threat management at Estée Lauder Companies.
Other speakers at the upcoming event include:
• Greg Alexander, VP, Global Security Advisor, The Priceline Group Inc.
• Scott Howitt, senior VP & CISO, MGM Resorts International
• Becky Janutis, VP, Info. Security, Kohl’s
• Grant Sewell, Mgr., Global Information Security, Scotts Miracle-Gro Company
• Adam Solomon, Associate, Hunton & Williams LLC
• Don Yeager, New York Times Best-Selling Author and
• Carson Zimmerman, Author, Cybersecurity Engineer.
The 2017 Retail Cyber Intelligence Summit will bring together 200 CISOs and their teams from the greater retail and consumer services industries — including restaurants, hospitality, gaming properties, consumer product manufacturers and more — to share best practices, gain insights and, most importantly, network with other information security professionals to build trust.
“Our annual Summit provides the perfect opportunity to continue to develop and build solid peer-to-peer relationships within our community, with the government and cross-sector relationships, helping to expand the real-time sharing of cyber threat intelligence and better protect the industry as a whole,” said Suzie Squier, executive director of R-CISC, the trusted cybersecurity community for retailers, consumer product manufacturers, grocers, hotels, restaurants, and cybersecurity industry partners worldwide.