The cyberattacks affecting major retailers, including M & S, Co-Op and more recently Adidas and North Face, all in a very quick succession, is a concern for the whole retail industry. Seeing the long-lasting effect that M & S, who has only been able to partially resume online orders after six weeks, has experienced shows just how significant the disruption is and can be for any other retailer.

Attackers are reminding us that IT infrastructure remains vulnerable, especially if businesses fail to assess cyber-risks and monitor access. Research shows that over two-thirds( 69 %) of organisations globally have fallen victim to ransomware, with 27 % being hit more than once, showing for pervasive these attacks are. Despite fewer companies( 57 %) paying, bad actors remain incentivised to strike, with 60 % of ransomware now featuring data theftrelated extortion.

Despite identity and credentials security growing in importance, there are still significant vulnerabilities that organisations need to address – particularly when it comes to remote access. In fact, with privileged credential misuse involved in 80 % of breaches, securing identities has never been more critical. Static credentials in particular can be a serious liability in today’ s fast-moving world. Passwords alone – especially unrotated ones – leave organisations vulnerable to phishing, credential stuffing and Passthe-Hash attacks. stopping lateral movement. By continuously rotating credentials and limiting their lifespan, organisations can invalidate stolen hashes and prevent attackers from moving freely within a network and abusing customer data.

However, good password hygiene isn’ t enough. Where passwords persist, robust Identity Security solutions must enforce frequent rotation, temporary keys and just-in-time access to stay ahead of threats. Strong protection starts with adopting a Zero Trust mindset and implementing Privileged Access Management( PAM) to control who can access sensitive systems, when, and how. Helping organisations make“ never trust, always verify” the reality is key – as safeguarding data begins with smarter, verified access.

Organisations are becoming increasingly aware of the identity security threat and its importance to overall business resilience, with 78 % of businesses expecting to increase their budgets in the next year. Businesses need to implement layered defences that include effective training and awareness programmes, risk-based patching, regular backups, app controls, anti-malware, network monitoring, and a regularly tested incident response plan. Comprehensive, centralised visibility and control over all employee and machine identities will help to lock the bad actors out and limit the harm they can do if they compromise your resources.

While passwordless technologies like biometrics are gaining momentum, passwords aren’ t disappearing – they’ re simply becoming one of multiple defence layers. That’ s why credential vaulting and automated password rotation are foundational to

By putting strong identity management practices in place, including multi-factor authentication, Zero Trust, and least-privilege principles, businesses will be better protected from cyberattacks like these and maintain consumer trust.

Intelligent CIO Europe Issue 91 | Page 31