Korzinka

Stopping bots and mitigating phishing attempts — retailer Korzinka reduces exposure to cyber security risks with Cloudflare

Korzinka is Uzbekistan's largest chain of retail supermarkets. Employing over 8500 people across 150 full-format shops and local branches, Korzinka has provided consumers across Uzbekistan with easy access to fresh, high-quality goods and groceries since 1996.

Now the country’s largest retailer, as Uzbekistan’s first chain of modern grocery stores, Korzinka is known for its high-quality customer experience, curated products and suppliers, and intuitively organized, contemporary facilities.

Challenge: Maintaining customer confidence and securing a growing portfolio of web applications from automated attacks

After its success with the brick-and-mortar supermarket experience, Korzinka recently set its sights on creating a full range of ecommerce and home delivery services. However, as the retailer’s online offerings grew, so did its exposure to cyber security risks. To ensure the trust and safety of its customers, Korzinka sought to enhance the security of its public-facing web applications against automated bots, DDoS attacks, and other online threats.

“We are strategically developing our Internet presence and creating web applications for food delivery and similar online delivery services,” explains Alexandr Zorin, Korzinka’s Chief Information and Security Officer. “The presence of our services on the Internet imposes obligations on us to ensure their stability and security, which we also solve by purchasing Cloudflare products.”

To strengthen security and safely accelerate this growth, Korzinka turned to Cloudflare with specific goals to:

  • Secure its digital infrastructure to support the development of its online delivery services and applications
  • Mitigate phishing risks and enhance the security of its email systems
  • Streamline the regulatory compliance and ISO 27001 certification process

“We chose Cloudflare because it is a world-famous supplier with an international reputation, which offered us a set of all the necessary solutions for information security,” says Alexandr Zorin. “Cloudflare offered scalable and easy-to-use solutions.”

Solution: Stopping automated attacks in the connectivity cloud to secure a growing portfolio of public applications

Reaching out to Cloudflare, Korzinka established a pilot project to assess Cloudflare’s application security services. The Korzinka team appreciated the initial ease of setup, highlighting Cloudflare’s “expert guidance to help upskill local teams and address all configuration questions.”

During the pilot, Korzinka experienced a series of automated attacks against its online applications, but Cloudflare was already in place to shield those apps and sensitive data, maintain availability, and preserve user trust.

Based on this positive pilot, Korzinka decided to implement the full range of Cloudflare application services, including the Web Application Firewall (WAF), Bot Management, and DDoS Protection.

“During our tests, Cloudflare detected and neutralized a series of real-world attacks on our web applications, easily securing the affected web properties,” says Alexandr Zorin. “With Cloudflare protecting our public applications, we are confident our customer data is secure.”

Web and email security with Cloudflare for multi-channel protection

The next security challenge the retailer tackled was phishing protection — specifically, stopping the rising number of advanced email-borne exploits the company observed as it expanded its digital footprint.

“One of our primary concerns is that social engineering will compromise someone in the company with access to sensitive financial information,” says Alexandr Zorin.

Using Cloudflare Cloud Email Security, Korzinka secures its Microsoft Office 365 inboxes against business email compromise (BEC), malicious links, malware, and other phishing threats. Korzinka augments Microsoft’s native email controls with Cloudflare’s high-efficacy, low-touch email security, which leverages AI/ML-powered content analysis to mitigate targeted attacks that often evade traditional filters.

“Since we augmented Microsoft 365’s security with Cloudflare we have seen a big drop in malicious email traffic,” says Alexandr Zorin.

To strengthen their phishing protection, Korzinka has also layered on Cloudflare for DNS filtering across their remote and in-office users. These filters block employees from reaching known risky or suspicious domains and IPs on the Internet, including those used to phish credentials, deliver ransomware, and exfiltrate data. Implementing DNS filtering has equipped Korzinka with consistent controls and visibility to reduce risk across web and email channels.

“Cloudflare’s web and email security helps us stop phishing across multiple channels and mitigates many of our top security concerns around financial and data theft,” says Alexandr Zorin.

Alexandr Zorin estimates Korzinka eliminates over 2000 email-related threat instances every month.

Smoothing the path to ISO 27001

In addition to stopping threats, Cloudflare is helping Korzinka achieve its compliance goals as its range of online services expands. Built to adhere to international standards for Information Security Management (ISM) and help its customers achieve optimum risk management processes, Cloudflare’s native compliance is accelerating Korzinka's push for certification.

“As we develop our internal processes and focus on increasing the maturity of our information security policies, Cloudflare is one of the vendors helping us go to our target,” says Alexandr. “We expect to receive ISO 27001 certification by Q4 this year.”

Using the Cloudflare CDN, Korzinka has already offloaded 86% of its static content, achieving an average savings of 1.2 TB every 30 days. Based on this success, Korzinka is already working toward implementing even more Cloudflare solutions. With over 320+ points of presence in over 120 countries on the global network — including Tashkent, Uzbekistan’s capital — the retailer is particularly interested in leveraging Cloudflare performance services to accelerate applications, improve mobile delivery, and ensure even higher availability for its Internet properties.

“We plan to sit down with the Cloudflare team to further optimize our current configurations and explore new use cases,” says Alexandr Zorin. “We have barely scratched the surface — we have accomplished maybe 60% of what Cloudflare can help us achieve.”

Korzinka
Related Products
    Key Results
    • 1 million automated threats blocked monthly
    • 2000 monthly phishing instances and email-borne threats stopped before they reach employee inboxes
    • 86% of static and streaming content offloaded from origin servers to the global network, reducing monthly bandwidth consumption by 1.2 TB
    • Secured public-facing websites and applications against malicious bot and DDoS attacks, protecting data, maintaining service availability, and preserving customer confidence
    • Provided robust protection against advanced phishing, BEC, and advanced email-borne exploits
    • Streamlined the regulatory compliance process and accelerated progress toward ISO 27001 certification

    Cloudflare offered everything we needed — a unified suite of secure, scalable, and easy-to-use web cyber security solutions.

    Alexandr Zorin
    Chief Information and Security Officer, Korzinka

    Cloudflare’s web and email security helps us control phishing across multiple channels and addresses our core software needs for this purpose.

    Alexandr Zorin
    Chief Information and Security Officer, Korzinka

    Getting Started

    Resources

    Solutions

    Community

    Support

    Company

    © 2024 Cloudflare, Inc.Privacy PolicyTerms of UseReport Security IssuesTrademark