Modern MDR for Retailers: Your Ultimate Guide

Data Breaches Continue to Occur at an Alarming Pace, Which Probably Comes as No Surprise to Most Retailers

In 2021, the retail industry experienced 629 confirmed incidents and 241 breaches with confirmed data disclosures, according to Verizon’s 2022 Data Breach Investigations Report. Retailers have paid a hefty price for those attacks. IBM Security’s Cost of a Data Breach Report 2022 puts the average cost of a data breach for retailers at $3.28 million.

Retailers collect valuable data such as personal consumer and payment card information, making them prime targets for cybercriminals who sell the data for large paydays. As retailers adopt more cloud-based services like contactless payments, increase their digital footprint to offer online options for buyers, and work closely with large supply chains, the attack surface expands and introduces greater cybersecurity risks.

To combat these risks, many retailers are turning to managed detection and response (MDR) services, a category of security solutions that offers the technology, process, and humans needed to defend against the increasing threat of cyberattacks. Technological research and consulting firm Gartner projects that 50% of all organizations will use MDR services by 2025.

But not all MDR providers are created equal. Retailers looking for an MDR provider in the evolving cyber landscape must sort through an increasingly saturated market of providers offering seemingly similar, but often very different, levels of service to find the right one for their needs. Pondurance keeps it simple. We offer modern MDR, cybersecurity consulting, and 24/7 incident response and threat hunting to help retail businesses like yours stay safe from cyberattacks and compliance issues.

Exploring MDR's History

Cyberattacks have evolved over the years. Today’s cyberattackers use sophisticated assaults with great frequency, and no organization is immune from a possible attack. Like other industries, retail businesses face potential attacks from malware, ransomware, business email compromise, and phishing. At the same time, brick-and-mortar and e-commerce retailers have their own unique set of cybersecurity risks, including issues specific to point-of-sale systems, operations and supply chain systems, IoT devices, and use of near-field communications for payments.

To defend against cyberattackers, retail businesses may consider a variety of security solutions including security information and event management (SIEM), managed security service providers (MSSP), extended detection and response (XDR), and MDR:

  • SIEM collects log data and forwards the data to a centralized management and analysis system. It stores the data for posterity, correlates data, and provides alerts, but because it’s technology only, it’s outdated as a solution.
  • An MSSP provides alerts and manages firewalls and devices designed to keep attackers out at the perimeter. It involves technology, people, and some processes, but it’s not designed to compete with today’s sophisticated cyberattackers. Over time, MSSPs have become an “alert factory,” with alerts being provided to internal security teams with no additional support.
  • XDR delivers detection and response by connecting network, log, and endpoint visibility. However, the platform can be complicated to deploy and requires considerable time and energy from capable cybersecurity experts to configure and operate it.
  • MDR began as a service to investigate alerts and incidents in the cyber environment to better support internal teams with limited response capabilities. Today, modern MDR combines advanced technology and experienced security professionals to capture, integrate, and analyze data. Security professionals perform full scope analysis of networks, endpoints, logs, and cloud environments and proactively respond to attacks. The best MDR is a modern one with a complete tool set and experts available to leverage it.

MDR at its core is really about enabling organizations to benefit from what a provider can do for them, which includes triaging, detecting, and potentially responding to the threats. And that’s really where modern MDR picks up ... really being able to reach into the environment and block threats, in addition to a number of other characteristics such as full visibility and the ability to do threat hunting continuously as well.

Lyndon Brown, Chief Strategy Officer

Simplifying the Adoption of Complex Technology

Different retailers are at different stages of cybersecurity maturity. Your retail business may have technology and people in place, and modern MDR providers like Pondurance build on what you have or bring what you need to provide a customized approach to your cybersecurity. At Pondurance, we believe you shouldn’t have to throw out your existing tools or be locked into only one approach. We integrate your existing infrastructure and controls into our own monitoring and response platform.

As technology has advanced over the years, security tools have become increasingly tough to deploy, operate, and maintain. Many of the complex tools even require specialized certifications to properly use them. When you use Pondurance’s powerful platform to protect against cyberattacks, the technology burden lifts from the shoulders of your cybersecurity team and lands squarely on our shoulders. However, your in-house team still has access to the same technology as our analysts, and you retain access to your data at all times.

Fighting Cyberattackers with Human Defenders

Technology alone can’t stop attackers. Modern MDR providers know that human attackers must be confronted by human defenders. Without experienced cyber professionals on your team to leverage security tools, it is easier for attackers to work around your defenses undetected. Though technology is important, Pondurance believes people are the foundation of any comprehensive cybersecurity solution.

As you probably know, there’s a global cybersecurity talent shortage, and retailers are finding it difficult to hire, train, and retain professionals for in-house security teams. Across all industries, small and midsize businesses have a particularly difficult time keeping talent due to limited budgets and fewer opportunities for advancement, according to a Forrester study. External partners such as MDR providers fill the talent gaps for these small and midsize businesses. More than half of businesses in the Forrester study rely on external partners for close collaboration during cybersecurity incidents, and 53% use external partners to keep their security operations centers (SOCs) operational.

Pondurance is fully staffed with seasoned analysts, threat responders, and other security experts to seamlessly integrate with your existing team to monitor and analyze data 24/7. We apply a humans-first approach to MDR at every step of the cybersecurity process. Our professionals respond to real-time alerts with context, collaboration, remediation, and recommendations. We provide threat intelligence with insights into cyber activity worldwide and proactively hunt for threats around-the-clock to defend your retail business against cyberattacks. Pondurance delivers proactive security services backed by authentic human intelligence.

  • An estimated 4.1 million people work as cybersecurity professionals worldwide, including 1.14 million U.S. workers, yet the workforce must increase by 65% to defend against cyber threats.

    (ISC)² 2021 Cybersecurity Workforce Study

Bringing the 'R' to MDR

Once a threat is identified in the cyber landscape, every minute counts. Modern MDR providers like Pondurance help retailers immediately respond to the cyber threat to minimize damage and reduce recovery time and costs. After all, the longer a cyberattacker dwells in your network, the more potential damage the attacker can cause.

Pondurance rapidly takes action against an attack with predefined parameters and a 24/7 team of incident responders, incident handlers, and forensic and malware specialists who can coordinate and execute a comprehensive incident response from the moment the threat is identified.

We combine our industry-leading MDR platform with our experienced team to provide:

  • Identification – Identify and detect an incident as soon as possible
  • Containment – Stop the incident and reduce the impact
  • Eradication – Eliminate the threat and prevent recurrence
  • Recovery – Return to normal operations and conduct a post-breach investigation

Not only can Pondurance stop the incident, but we also can compile detailed forensic reports to document what happened and openly communicate with your insurance providers and attorneys:

  • Insurance brokers and carriers – Pondurance works as a go-to provider for incident response and digital forensics engagements. We specialize in building preincident relationships to facilitate a rapid, on-target response and reduce the cost of incidents.
  • Attorneys – Pondurance partners with leading law firms and in-house attorneys who specialize in cybersecurity and privacy matters. We support the highest level of confidentiality and operational security regarding all matters.

Customizing Solutions for Today and Tomorrow

Your retail business is unique, with its own compliance requirements, staffing challenges, and security policies and procedures. Modern MDR providers need to allow for flexibility in their solutions and the ability to adapt and meet your changing needs. Pondurance understands that no one cybersecurity package fits every business, so we consult with you and customize our services to your business model and operational needs and integrate any security tools that your business has in place.

We meet you where you are in your cybersecurity journey, ensuring your services are right-sized at implementation. Then, as your cybersecurity needs mature over time, our services adapt to continue keeping you safe from an attack and in compliance.

As part of our customized solutions, we offer comprehensive reporting and risk assessment:

  • Reporting. Security incident reporting is important for compliance, but heavily regulated industries are not the only ones that can benefit from comprehensive reporting. Most businesses perform more efficiently with the proper handling of incident logs and alerts. Pondurance’s experts provide custom logging and reporting — with fine-grained visibility and alerting for all relevant systems including networks, endpoints, and the cloud — to precisely document processes and cybersecurity incidents as they happen.
  • Risk assessment. To stay protected against attack, your retail business needs to know its cybersecurity posture. Performing periodic risk assessments is a great way to identify the areas where you are at risk and know the full extent of your vulnerabilities. A risk assessment can ensure that you’re properly allocating your cybersecurity resources and have a thorough incident response plan in place. Pondurance can conduct a risk assessment to uncover your security weaknesses and build a solid solution to defend your business against future cyber threats.

Knowing Cybersecurity vs. Compliance

Cybersecurity and compliance are not the same thing, and modern MDR providers know how to navigate the needs for both. Cybersecurity prevents cyberattackers from accessing your consumer data and your infrastructure to minimize the damage of an attack. Compliance involves conforming to industry regulations, government rules, security frameworks, and third-party contracts.

Retail businesses must comply with more than one security standard, and keeping track of the security log, data storage, and audit requirements demands in-depth knowledge and competency. Pondurance’s experienced professionals can readily implement your business’s specific policies and skillfully progress through any compliance issues. We offer ongoing vulnerability management, including risk assessment and penetration testing, and our team of experts can keep you compliant with federal and state laws.


Legislatures enact new cyber laws and legal requirements each year. A few of the many retail-related compliance statutes that Pondurance commonly addresses include:

  • 23 NYCRR 500 – This New York Department of Financial Services law requires financial firms and related service providers to protect customers from loss of personal data.
  • Payment Card Industry Data Security Standard – This standard regulates customer financial privacy and is a standard across the credit card industry.
  • California Consumer Privacy Act – This personal data regulation applies to any entity using the data of California residents.
  • General Data Protection Regulation – This personal data privacy compliance standard from the European Union (EU) requires that any organization holding EU citizen data must comply.
  • FTC Safeguards Rule – This law introduces new cybersecurity standards for financial institutions including automobile dealerships and retail businesses that extend credit.

"Compliance is what you have to do, but security is what you should do."

— Dustin Hutchison, Vice President Services and Chief Information Security Officer

Understanding Your Industry

In today’s cyber environment, threats pose a challenge for every industry including retail. A robust supply chain, fraud attempts, and a hectic holiday shopping season put retailers constantly on guard to keep consumer data safe. But the attacks keep coming. Over the past few years, retailers have experienced a consistent attack pattern, with the use of stolen credentials, phishing, and ransomware ranking as the top three types of attack.

Modern MDR providers understand how to work within various industries and tailor programs to fit those industry needs. They also are masters of threat intelligence across industries, providing insights into the ever-changing threat landscape for their clients.

Pondurance has significant experience in the retail industry, protecting the expanded attack surface, navigating the complexities of privacy requirements, and dealing with the multitude of cyber-related challenges that affect retail businesses. We can tackle any cybersecurity or privacy issue that arises with the confidence that comes from having been there and done that. And since our SOCs are all based in the United States, you will never have to worry about your sensitive data leaving the U.S. borders.

Tailoring to Your Needs and Budget

Most likely, your retail business has a set cybersecurity budget that you want to invest as wisely and cost effectively as possible. MDR services can fit your budget. Using an MDR provider is a more economical option than hiring a full security team — that is, if you can even find workers during the talent shortage — and purchasing the technology tools needed to make it work.

First and foremost, Pondurance listens to your cybersecurity needs. We find out what’s important to you, where your most critical risks are, and what existing technology systems and controls you have in place. We help you prioritize your budget based on the specific cyber risks you face, to maximize efficiency, minimize complexity, and ensure we right-size your services from the outset.

Then, Pondurance tailors a customized package of security services to meet your specific needs across multiple vectors, including endpoints, networks, logs, and the cloud. One size fits all is not an option. We can put technology to work from preferred vendors such as CrowdStrike, SentinelOne, or Blackberry Cylance. Or we can seamlessly work with your existing technology, integrating your data into the Pondurance tech stack, to maximize your cybersecurity investment, so there’s no need to rip and replace what you already have. We’ll never ask you to agree to or pay for more security services than you actually need to protect your retail business against cyber threats.

Continuing on the Journey

Modern MDR has come a long way from its cybersecurity origins, and it continues to evolve. As a modern MDR provider, Pondurance offers MDR services, incident response, and cybersecurity consulting to protect your retail business from cyberattacks and compliance issues. We integrate with your existing technology and staff the human defenders you need to stay safe and proactively respond to cyber threats. And Pondurance will continue to offer the customization, flexibility, and service your business needs as your cybersecurity posture matures in the years ahead.

About Pondurance

Pondurance delivers world-class MDR services to industries facing today’s most pressing and dynamic cybersecurity challenges including ransomware, complex compliance requirements, and digital transformation accelerated by a distributed workforce. By combining our advanced platform with our experienced team of analysts, we continuously hunt, investigate, validate, and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals, and compliance and security strategists who provide always-on services to clients seeking broader visibility, faster response and containment, and more unified risk management for their organizations.