Fighting fire with fire: how AI is reshaping retail cyber defence


This is the second in a series of articles, featuring exclusive insight from Richard Meeus, EMEA director of security technology and strategy at Akamai and Stephen Faulkner, chief technologist for security at CDW UK.


If part one of this series showed how cybercriminals are weaponising AI, part two explores the other side of the coin: how retailers can harness the same technology to fight back. The retail industry cannot afford to stand still. As Richard Meeus, EMEA director of security technology and strategy at Akamai, bluntly puts it: “You’ve got to assume you’re going to get breached. The odds are not on your side.”

That doesn’t mean surrender. It means adopting a mindset, and a toolkit, that accepts constant attacks and prioritises resilience.

Instant response matters

Peak season is unforgiving. If a breach happens on Black Friday morning, retailers cannot afford days of downtime.


“Organisations need to understand what recovery really means,” says Meeus. “It’s not just one app. It’s your Intrusion Detection and Prevention System (IDPS), your desktops, your app servers, everything needs to come back. And if you think you can get all of that back in three days, you can’t.”

That’s why some retailers now even ask themselves a sobering question: can we run the business on pen and paper if everything fails? The point isn’t to abandon digital, but to have fallback procedures that keep stores trading and customers supported while systems are rebuilt.

Quick wins: what retailers can do now

While long-term projects take time, both Meeus and Stephen Faulkner, chief technologist for security at CDW UK, stress there are immediate actions retailers can take.

“Look at your processes,” says Faulkner. “One retailer we worked with changed its helpdesk procedures after seeing how attackers got in elsewhere. At first it didn’t work, but they tuned it until it did. That one adjustment stopped a particular technique dead.”

Other quick wins include:

  • Ensuring multi-factor authentication (MFA) is enabled everywhere.
  • Reviewing service desk procedures to stop attackers socially engineering staff.
  • Communicating risk internally, making employees aware of when and how attacks might happen.

“You don’t need a big spend to start,” Meeus says. “Just turn on MFA wherever you can.”

Medium-term: visibility and advocacy

Beyond immediate fixes, the mid-term challenge is visibility. “A lot of organisations don’t actually know what they have,” Meeus explains. “Their networks have grown organically, with chunks no one really understands. Visualisation is the foundation of a security policy.”

Faulkner argues that mapping security to business objectives is crucial. “If you do an assessment at a point in time and then take months to act, the business may have shifted. Acquisitions, new cloud workloads, transformation plans. Security has to enable those objectives, not lag behind them.”

The other mid-term task is advocacy. Retail budgets are tighter than ever, and leaders need to be convinced that security is worth the spend. “Assess, test, map to frameworks, but also map to business goals,” Faulkner says. “That gives you the justification for investment.”

Retail cyber defence checklist

Short-term (quick wins, do it now)

  • Turn on multi-factor authentication (MFA) everywhere.
  • Review and tighten helpdesk/service desk processes to block social engineering.
  • Run awareness training. Focus on psychology (when and how attacks happen).
  • Establish an instant response plan (who does what if systems go down on Black Friday).

Medium-term (next 6–12 months)

  • Gain visibility: map your network, workloads and data.
  • Align security with business objectives (e.g. cloud migration, acquisitions, transformation).
  • Run penetration testing and red team assessments.
  • Build advocacy cases for budget, show how defences prevent costly downtime.
  • Start planning for microsegmentation and zero trust principles.

Long-term (strategic resilience)

  • Consolidate fragmented tools, move towards fewer, integrated platforms.
  • Reduce technology debt: replace dozens of point solutions with scalable architecture (e.g. SASE).
  • Invest in managed services to fill skill gaps cost-effectively.
  • Embed human risk management into culture — adaptive, role-based training and onboarding.
  • Treat cybersecurity as a business enabler, not just an IT function.

Long-term: building resilience into the DNA

For the long term, the goal is not piecemeal defences but strategic resilience. That means fewer fragmented tools and more integrated platforms.

“Some customers say, ‘we bought everything,’” recalls Meeus. “One hundred vendors, one hundred solutions. That’s weeks of reviews, training, integration work and ironically it makes you more vulnerable. Retailers don’t want to manage 100 vendors. They want five they can trust.”

Faulkner points to secure access service edge (SASE) architecture as an example of the shift. “It helps enable zero trust at the network and application level but also reduces operational overhead. You start with use cases, you build a roadmap, and you reduce your technology debt over time.”

The key is to plan strategically, knowing retailers won’t pay twice. Investments must solve today’s threats and support tomorrow’s transformation.

The human side of security

For all the technology, human behaviour remains the weak point. Faulkner estimates “90 per cent” of breaches involve human error somewhere. Attackers know this, and they exploit excitement, naivety and fatigue.

Retailers are beginning to respond with human risk management: training that adapts to roles and psychology, truly impactful workshops instead of box-ticking courses, and onboarding security from day one.

“Attackers are psychologists,” Faulkner says. “Defenders need to be, too.”

AI as defence: fighting volume with intelligence

AI can’t replace human defenders, but it can help them cope. “One of the key benefits of generative AI is the ability to summarise data at scale,” says Meeus. “Security logs are mountains of information. AI helps you visualise and interpret that in real time.”

Used effectively, AI can:

  • Detect anomalies faster than humans can spot them.
  • Distinguish between legitimate peak traffic and malicious bots.
  • Scale defences to match the flood of attacks.

But Meeus cautions against hype. “AI makes attacks more efficient, but it also makes defences more efficient. The fundamentals still matter. AI is just another tool in the arms race.”

Preparing for 2026 and beyond

The message from both experts is clear: security is not a one-off project, but an evolving discipline. Attackers will continue to professionalise. “Cybercrime is an industry now,” says Faulkner. “They apply business logic. They know when you’re busiest. They plan like any other business.”

Retailers must do the same. Those who fail to adapt risk repeating the spring’s headlines – possibly next time, in the middle of their most profitable quarter.

As Meeus concludes: “Don’t believe the hype, don’t buy the snake oil. Get the basics right, invest strategically, and be ready for when, not if, the attack comes.”

About CDW

Founded in 1984, CDW is a leading multi-brand technology solutions provider to business, government, education, and healthcare customers in the United Kingdom, and more than 170 countries across the globe. With more than 13,000 global coworkers – including 1,600 in the UK – we help you achieve your goals by delivering integrated technology solutions and services that maximise your investment.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.

To ensure your business is ready for anything and well protected, Click Here to book a meeting with a cyber security expert, or visit uk.cdw.com or akamai.com
