The fear that keeps retailers up at night

If you’re the CIO of a retail company like Carphone Warehouse, Target or T-Mobile, do you rest easy at night knowing your company’s data is safe and secure, or do you feel constantly on edge about the next attack?

These three companies, as you probably know, have fallen victim to high-profile cybercrimes in recent years.

The escalating nature of cyber threats should concern all businesses in the retail space. Retail fraud was the No. 1 most reported type of online crime in the UK in 2015, rising 71% to 8,163 reported cases in the year. And surveys show the effect of a data breach on reputation and consumer confidence, for retailers especially, can be long-lasting.

Even more alarming, in the UK, the Brexit vote is causing confusion about what will be required of retailers after the EU’s General Data Protection Regulation (GDPR) takes effect.

Evolving threats

Beyond concerns of compliance, security threats have evolved into organised and professional operations. No longer is it the lone hacker in the basement breaking into companies to impress friends. Today’s online attackers are far more likely to use highly skilled, low-wage labor in places like Estonia and Ukraine – or China, where millions of Chinese go-getters can take courses in hacking, a totally legal area of study in that country.

So-called zero-day attacks, which exploit a vulnerability not yet known to the vendor, have become exponentially more dangerous since the information is widely passed around by hackers to coordinate attacks. And this is just one type of threat. (This blog post gives an extensive and scary rundown of the many ways retailers can be infiltrated.)

Security by design

The growing sophistication and “industrialisation” of hacking in retail requires a new approach. Companies should opt for what I call “security by design,” something built into every point of the IT infrastructure, rather than something “bolted-on” at the very end.

The analogy I like to use is that of building a house, office or even a shop. If you don’t consider how best to heat and cool your building in the initial design, nothing you do at the 11th hour will make much difference. You will be cold in the winter and hot in the summer. But if you plan from the start by including strong walls, thick insulation and an efficient HVAC system, it will cost less and be more efficient.

In the same way, security should be part of all business and IT decisions. In retail, that means conducting a threat assessment, limiting points of attack throughout the organisation, improving protection controls, investing in threat detection and preparing teams to respond quickly to incidents. It means educating employees and third-party vendors about safe data management and giving them the most up-to-date tools to prevent fraud.

It’s a big job, but one that can be accomplished with the help of an expert partner. And here’s some encouraging news – the total cost of ownership for security programs actually goes down when they are implemented with an up-front “security by design” approach.

A competitive advantage

With built-in protection, businesses can start off in a stronger position to implement ongoing security enhancements while maintaining defenses against ever-changing threats.

There may be no such thing as foolproof protection. But the goal, at minimum, is to present a less-attractive target. With the right approach and the right technology, retailers can reduce their attack surface and prevent breach events.

In dangerous times, that’s an increasingly important competitive advantage.


 

Simon Moore leads Cyber for CSC UK and Netherlands. He helps clients embrace a Secure Digital Transformation.

 
