Here’s how Lowe’s tackles cybersecurity risks:
Cybercrime is big business, and retailers are attractive targets. Traditional retail metrics that focus information technology resources on initiatives to maximize store performance over security have left retailers with gaps in their defenses. Combine inadequate security infrastructure with large repositories of customer data, and retailers are ripe for attack. Technology is playing a pivotal role in the retail sector, and having adequate security in place has never been more critical. Security incidents can have a significant impact on a retailer’s reputation, causing customers to reduce their spend or shift loyalty to a competitor.
At Lowe’s, we have put in place comprehensive strategies and frameworks to ensure our networks and infrastructures are always secure and available.
• Lowe’s Security Operations Center helps protect internal and customer data with operations running 24x7x365. The team consists of security professionals from around the globe, drawing upon decades of information security experience, to reactively and proactively detect, respond to and prevent malicious network and system activity using various tools, techniques, and procedures. We recruit some of the best systems engineers to ensure all of this.
• Our Threat and Vulnerability Management Team manages a critical component of a robust information security program to identify threats and risks at the enterprise level. The team uses automated testing tools, such as vulnerability scanning tools, which help scan operating systems and applications, in addition to networks and infrastructure. The team provides a risk lens and risk insight into vulnerabilities and gaps across the enterprise and publishes results in vulnerability assessment reports.
• Network security is extremely critical for an organization to protect the integrity of data. As a retail organization that serves 18 million customers every week, Lowe’s faces a significant chance of outside threats and attacks. Lowe’s Network Security team ensures an accurate network security framework that meets the security objectives of the organization. The team manages network policies to ensure the confidentiality, integrity, and availability of Lowe’s data. People who join our network security team are expected to possess vast experience in dealing with outside threats and attacks.
Our team also uses Governance, Risk, and Compliance (GRC) tools to gain real-time visibility into security risks, vulnerabilities and threats.
Across the marketplace, we see Enterprise GRC initiatives enabling companies to effectively manage risk and compliance activities in an aligned manner. Establishing a common language and converging multiple independent risk and compliance initiatives into an integrated approach can result in many intangible and tangible benefits. A few essential benefits are:
• Potential reduction in overall risk and compliance management effort due to integrated GRC activities.
• Improved gap detection and mitigation through automation of remediation plans and deficiency analysis.
• Business process controls optimization due to integration and automation.