Zac Warren, chief security advisor, EMEA at Tanium, provides actionable advice for retailers on how to strengthen their systems in the wake of recent cyber attacks
What types of cyber threats are retailers currently most at risk from?
“For retailers, phishing remains a persistent and evolving threat, especially in environments where customer and employee data is spread across various stores or stored on legacy systems. These attacks are often a way for cybercriminals to gain initial access to a retailer’s internal systems, acting as the precursor to more damaging exploits, such as ransomware.”
“Ransomware is increasingly being used to target retail brands due to its reliance on uptime and POS systems. As seen by M&S, any disruption can cost millions in lost revenue, not to mention the negative impact on brand image and damage to customer trust. DDoS attacks are also a concern, especially during peak trading periods, as attackers exploit seasonal surges in online traffic to overload systems.”
“The real challenge for retailers, though, is the expanding and fragmented attack surface. It’s a key reason retail brands are such a prime target for bad actors. Retailers typically operate with a complex mix of old and new technologies, making it increasingly difficult for their IT teams to do their jobs. Ultimately, limited visibility across these endpoints, and the prevalence of unpatched systems, puts retailers in a reactive position, rather than a proactive one. Addressing this requires better endpoint oversight and a strategy that can break down data silos created by legacy infrastructure.”
What are the most effective first steps a retailer should take today to strengthen their cybersecurity posture?
“To strengthen their cybersecurity, retailers first need to review their current technology environment. You can’t protect what you can’t see. Retailers should start with a detailed, real-time inventory of all endpoints, assets and legacy systems, this helps to uncover shadow IT, redundant software licences and under-patched tools that are prime targets for attackers.”
“From there, it’s about simplification and automation. The more you can reduce manual workload through automated patching and remediation workflows, the more resilient the organisation becomes. And crucially, you gain the bandwidth to proactively focus on customer-facing systems rather than just reacting to alerts.”
“Modern retailers need a security stack that’s as agile as their customers. At the heart of that is Autonomous Endpoint Management (AEM), which provides real-time asset visibility and supports automated patching, which frees up teams from repetitive, manual tasks and allows them to focus elsewhere.”
“Other essential tools include real-time threat detection platforms and integrated SecOps dashboards that eliminate silos between IT and security teams. These enable faster decision-making and more consistent data hygiene across a retailer’s diverse infrastructure.”
What is the biggest cybersecurity challenge that retailers could face over the next 2–3 years?
“The most significant cybersecurity challenge that retailers will face in coming years is dealing with adversarial AI. Threat actors are already deploying generative AI to craft convincing phishing emails, reverse-engineer security tools, and deploy polymorphic malware.
“Retailers must ‘fight fire with fire’ by embracing automation to tackle these increasingly sophisticated threats. That means adopting AI-led tools to automate detection, response, and even prediction. This is especially vital for teams under pressure to do more with less. AI augments stretched resources, speeds up decision-making, and provides a much-needed edge in identifying threats before they materialise.
“The next few years will favour retailers who can modernise without causing internal friction. Essentially, the retail winners will be those who bring together IT, ITOps and SecOps into one cohesive, data-driven approach.”
What is one piece of advice that you can give to retail CEOs right now about cybersecurity?
“Don’t treat cybersecurity as a blocker to innovation. Instead, treat it as a catalyst for smarter, leaner growth. The pressure to reduce costs, modernise systems and improve customer experience all converge at the same point: the endpoint.
“If you want a resilient retail business, it’s vital to invest in visibility first. You need to know what’s running, what’s vulnerable and what’s redundant. Not just in your core systems, but across your entire supply chain and every customer touchpoint. Once you’ve got that clarity, automation and AI can do the heavy lifting. This approach will take your cybersecurity from protective to transformative.”
