Important Lessons from Aptos’ Inaugural Cybersecurity Summit

If you’ve heard me speak on the topic of cybersecurity, you’ll know I often say that the retail industry is under attack. Retail is the third-most-targeted sector by cyber attackers, preceded only by financial institutions and healthcare.

Point being, if retailers – or their technology partners – aren’t taking cybersecurity seriously, the time to start doing so was yesterday.

Here at Aptos, security best practices have long been a major focus and investment. After all, we need to keep not only our own internal data safe but that of our customers.

But if you ever hear a technology vendor say that they are already doing “enough” when it comes to cybersecurity, consider that a red flag. Cybersecurity is an area that is constantly evolving. Threat actors are getting more sophisticated every day, and if cybersecurity teams aren’t committed to continuous learning, chances are they are falling behind.

In that spirit of constantly elevating Aptos’ cybersecurity posture, we recently hosted our first annual cybersecurity summit. Below I’ll share our three main priorities for the summit in the hopes they might inspire some of your own cybersecurity initiatives.

1. Involve the team in long-range and strategic planning.

Let’s face it – cybersecurity teams are just as guilty as every other business function when it comes to getting immersed in the day-to-day and not taking enough time to pause and focus on long-range and strategic planning.

At Aptos’ cybersecurity summit, our team built out priorities for the next two years as well as realigned on the vision for the rest of this year. While the weeklong summit included discussions around the tactical delivery of our security strategy, we also took it a step further and examined what our plan means strategically for our business and customers.

We also had a lot of philosophical discussions around cybersecurity methodologies. Our team felt empowered to share their views – sometimes passionately – and these views were inputs into our longer-term strategy. As our cybersecurity team executes on this plan going forward, I am confident that they will feel more vested in our direction since they helped shape the strategy.

2. Connect with colleagues on a deeper level.

At Aptos, our cybersecurity team is distributed across three continents – with most of us living in the US, the UK or India. Given the geographic distances and remote working, most of our team have never met in person, despite in some cases having worked together for years. It was important for me to get everyone face-to-face, with London serving as the most central location.

The concept of connection is an interesting one. In this digital age, many of us are hyperconnected to our jobs and to our co-workers. But often we are missing out on that more personal connection with those we work with. The type of conversation co-workers will have over a pint at a pub, or over dinner, has a quality that is very different from a workday exchange over Microsoft Teams.

During the summit, to further connect, we took a field trip to the British Museum. Looking at some of the world’s most ancient artifacts was a powerful bonding exercise. The Rosetta Stone, in particular, generated some fantastic conversation among the team. For example, the Rosetta Stone provided the keys to deciphering Egyptian hieroglyphics. It’s akin to modern cryptographic keys and decryption algorithms used to unlock encrypted data.

The summit – and the relationships that formed and were strengthened at it – was a reminder that just because we have the capability to always work remote, it doesn’t mean we always should. I was thrilled to see the deeper connections this summit forged for our team.

3. Arrive at and agree on clear action items.

As a group, we were determined to arrive at clear action items coming out of the summit to bring back to the business.

Some of the topics we formed action items around were:

• What are some of the threats we are seeing in retail?
• How do we think these threats will evolve over the next year?
• How do we filter out the noise?
• What are the best methods of educating the larger Aptos workforce about our cybersecurity practices? And how can we best share them with clients?
• How are we getting the most value out of the tools that we use currently? How should we evaluate new tools to best protect against threats?
• Overall, what should we be doing differently? And how can we have a bigger impact?

Aptos’ first annual cybersecurity summit provided further reinforcement that we, as a company, are making meaningful investments in cybersecurity talent, tools and processes to give our employees, customers and partners the utmost confidence.

Consider just a few of these components of Aptos’ cybersecurity practice:

• Next-generation Endpoint Detection and Response
• Annual Penetration Testing
• Quarterly Cybersecurity Training
• Internal Phishing Tests with Required Remediation Testing
• PCI 4.0 and SOC-II Type Two Certifications
• In-house OSCP Certified Engineers
• 24x7 Cyber Support Coverage

If cybersecurity is something you are passionate about or you would like to learn more about Aptos’ commitment to cybersecurity, please reach out to me on LinkedIn.