On July 18, cybersecurity company CrowdStrike experienced a technology outage that caused widespread disruption globally. The outage affected millions of Windows users, including banks, financial institutions and other businesses.
The issue, caused by a defective software update intended to enhance threat detection and response capabilities, led to significant financial implications and highlighted the critical need for robust disaster recovery solutions as more industries rely heavily on technology. Although the impact on the fashion sector was small, some brands were included in the mix, like Canadian footwear brand Aldo, which uses CrowdStrike technology.
Aldo chief information officer Matthieu Houle described the moment as a wake-up call. “I woke up in the morning to a blue screen on my [work] computer, which triggered a bit of panic,” he said. “I called our [chief information security officer, who’s responsible for protecting our organization’s information assets and technologies from security threats] and our team, who were already in the process of fixing things. It was a manual process, but we managed to mitigate the impacts by prioritizing our revenue-generating operations like stores and e-commerce sites.” Houle had previously set up backups of the sites in case the system that was used failed.
The brand runs an international e-commerce platform, and its 1,500 global stores all use in-store technology that could be impacted by cybersecurity issues. As of last year, Aldo’s sales were just over $1 billion. “Our [cybersecurity] team was in the Middle East, so we got an early start on the event and put a process in place to intervene manually,” Houle said. This proactive approach allowed Aldo to minimize disruption and keep the business running. Houle said the impact was financially negligible, but other attacks or outages could be costlier if backups are not in place.
Houle emphasized the importance of preparedness and training in cybersecurity, which is what helped prevent further disaster. “The first place to start is the mindset. You need awareness and training, as it only takes one person to make a mistake or be hacked. Being prepared [also] means making sure your backups are ready and can be restored quickly,” he said.
According to the non-profit Identity company Theft Resource Center’s H1 2024 Data Breach Analysis Report, 1,571 data compromises were reported in the first half of 2024, impacting an estimated 1.07 billion victims, including individuals affected by multiple breaches. This represents an almost 14% increase in compromises compared to the same period in 2023, a year that set the record for data events reported in a single year (3,203).
Consumer brands have been hit by more security breaches in recent years, especially around customer data. In December 2023, fashion company VF Corp, owner of brands such as Vans and The North Face, suffered a ransomware attack that impacted 35.5 million customers’ personal information, causing significant operational disruptions. Similarly, fashion brand Forever 21 faced a data breach in 2023 affecting over 500,000 individuals.
In terms of technological safeguards, Aldo employs a managed services approach for cybersecurity, relying on Security Information and Event Management, penetration testing and other security measures. SIEM involves collecting and analyzing data from various sources within an organization’s IT infrastructure to detect and respond to potential security threats.
“We have a team of about 150 people, supplemented by external partners, which allows us to remain flexible and leverage specialized expertise when needed,” Houle noted. Houle declined to share partners as the company is under NDAs.
Newer technology developments like AI are both harming and helping maintain healthy systems. “AI can enhance cybersecurity by making our defenses smarter and more responsive to evolving threats,” he said. However, it also enables bad actors, making training and awareness more critical than ever.
AI is enhancing cybercriminal tactics by lowering the technical barriers for launching attacks and enabling sophisticated spear-phishing campaigns through large language models. Spear phishing with AI involves creating highly personalized and convincing scam emails using machine learning to trick individuals into revealing sensitive information. Brands like Aldo are having to focus on awareness from the C-suite level all the way through the business.
This evolution in technology also increases the threat of deepfakes, as seen in the February case where a Hong Kong branch of a multinational company lost $25 million due to deepfake-enabled fraud. Deep fakes are realistic fake videos or images created using AI to manipulate how people look and act.
For other fashion brands looking to bolster their cybersecurity and tech capabilities, Houle recommends a business-aligned approach to technology integration. “This ensures that technology solves real business problems,” he said. This involves working in agile teams, or “squads,” focused on specific business areas like cybersecurity, supply chain or e-commerce.
Data protection is another critical area where Aldo is proactive. “Protecting consumer data involves securing it, anonymizing it where possible, and ensuring it is used responsibly. Transparency with consumers about data usage is key,” Houle said.