Illustrated by Sarah Grillo/Axios
Walmart has launched a concerted effort to share more about its broader cybersecurity strategy as it continues to evolve from a retail giant to a technology powerhouse.
News promotion: The retail giant hosted its first cybersecurity media day with six reporters at its headquarters in Bentonville, Arkansas earlier this week.
- The day-long event included the first public tour of the on-site data center, a security team ransomware response demonstration, several panel discussions and roundtable discussions with senior executives.
Important reasons: Walmart, like other major retailers, shares much about its cybersecurity program beyond occasional one-off executive interviews and conference panel appearances, fearing malicious hackers will learn too much about its systems. I have been hesitant to do so.
- But by sharing the details of its security program, Walmart now wants to build customer confidence in its retail and all other products.
Big picture: Walmart global chief information security officer Jerry Geisler told Axios that this week’s event was just the beginning of the company’s efforts to kick off a broader effort for his team. .
- In a short interview, Geisler said, “Like many companies, we’ve found that we don’t talk much about this issue. I think we’re at a point where we want to start telling that story. ”
- Geisler believes sharing this story is vital to Walmart’s mission to build customer trust. Privacy-conscious consumers will continue to buy from her when people see how much Walmart is committed to protecting their personal information.
Line spacing: Walmart’s cybersecurity goes far beyond physical stores and e-commerce activities.
Catch up soon: Walmart has had an information security team for more than 20 years, Geisler said, and has the advantage of having security teams embedded throughout the company’s other departments, including legal and product design.
- “Not many companies built their information security programs in the late 90s,” he added.
Zoom out: As consumers demand more information about how their data is collected, stored and protected, more and more companies are beginning to build their cybersecurity and privacy reputations.
- A prime example is Apple, which has built a reputation as a privacy-focused technology company as it expands its services beyond devices.
detail: Walmart has security guards in Bentonville, the DC Area, the Bay Area and Bangalore, India. More services will soon be available at new hubs in Atlanta, Seattle and Toronto.
- The company has attorneys who have created a quantifiable risk analysis score to help inform non-security leaders how much of a threat a new vulnerability poses to their company.
- Walmart conducts quarterly audits of files that current employees have access to and is currently looking at ways to move to a full Zero Trust plan and eliminate passwords entirely, said Walmart’s ID. and Melissa Yandel, senior director of the access management team, told Axios. .
conspiracy: While much of Walmart’s security operations are done in-house, we work with some vendors on various detection efforts.
- The company has its own incident response and threat intelligence teams, as well as an in-house certified forensics lab for hardware and data recovery operations. Most companies outsource at least one of these to third-party contractors.
Yes, but: Building so many in-house cybersecurity tools doesn’t make sense for every company. Not everyone has the same resources as he ranks #1 on the Fortune 500.
What’s next: Geisler said he expects the next phase of the Walmart cyberattack to focus on consumer education.
Sign up for the Axios cybersecurity newsletter Codebook here.