Is retail in denial over cybercrime?

The cybercrime challenge facing retailers is considerable, with the crooks often one step ahead.
28 March 2019

Weak point-of-sale defences are part of the problem. Source: Shutterstock

According to new British Retail Consortium (BRC) research, retailers spent 17 percent more on cybersecurity in 2018 than the year before.

Yet cybercrime is still the elephant in the room at some organizations. At a time when Brexit looms large, margins are being squeezed, and economic uncertainty is high, retailers might be forgiven for thinking that this is an area where budgetary corners can be shaved, but they would be wise to think again.

The crooks have become more skillful and sophisticated and have eroded the effectiveness of many traditional perimeter-based security controls, notes David Emm, Principal Security Researcher at Kaspersky Lab.

The BRC’s members are generally seeing a growth in the number of cyber-attacks and/or breaches. And the big risks facing retailers are not limited to financial harm. The high-profile cases of data theft at major US players Target and Home Depot have shown that significant reputational damage follows hot on the heels of a criminal data breach.

Stay secure, keep customers

For example, according to The Grocer magazine, eight in 10 retailers think that, from an IT perspective, the biggest challenge they face in 2019 is data theft. And the reason is clear – 79 percent of those who suffered a data breach in 2018 lost customers, while 62 percent incurred legal costs.

Retail firms must either develop their own cybersecurity capability in-house – at great expense – or work with a third party that has the expertise needed to secure their digital infrastructure.

Cybersecurity is a heightened network consideration in vulnerable areas such as Wi-Fi networks, weak point-of-sale defenses, poor network configuration, inadequate staff education, and GDPR non-compliance.

More on the latter further on in this article, but as for the others, these are – and have been for some time – the main reasons why poorly prepared retailers succumb to an attack.

Don’t underestimate the wider cyber-threat landscape

Security professionals and authorities openly recognize that the rapid advancement of technology and the emergence of new customer engagement platforms make it difficult for them to keep up with the criminals.

Cybercriminals therefore always seem one step ahead, and organizations from all areas of retail should be vigilant and move ahead with new strategies and deployments with caution – and with security always top of mind.

GDPR shouldn’t be a four-letter word

The latest EU data regulation, GDPR, adds new levels of complexity to cybersecurity and introduces strict new legal obligations.

Among other requirements, GDPR requires businesses to uphold high levels of cybersecurity and create a data breach plan. This means that companies must notify customers within 72 hours of a data breach.

You must also be able to explain what happened, why, the risks customers have been exposed to and the next steps. This makes an effective, well-rehearsed cybersecurity data breach plan essential. Failure to comply can attract a maximum fine of 2 percent of annual global turnover, or €10 million (US$11.3 million).

GDPR may seem like a major headache, but a knowledgeable digital network partner will be able to cover off many of the requirements within their wider network security strategy, says Paul Leybourne, Head of Sales at Vodat International.

In conclusion

Digital networks are now the backbone of every retail and hospitality operation. Every second of every day, in-store data networks are used to deliver a staggering level of business-critical data – from purchase transactions, stock data and merchandising to promotions, health and safety alerts and, of course, customers’ personal details. It makes absolute business sense to protect these information pathways and the critical customer and business data they carry.