There is a wide recognition that retail clients face significant challenges in relation to cyber security in today’s ever changing and dynamic cyber security landscape. According to the BRC Annual Retail Crime Survey, an estimated 53 percent of reported fraud in the retail industry is cyber-enabled, which represents a total cost of around £100 million. This finding is consistent with recent research findings that show that cyber attacks are up by over 30% and these attacks are not going to go away (PricewaterhouseCoopers, 2018). The main challenge they face is from a crime perspective, so be this malicious insiders, organised crime groups or other parties looking to make money from the organisation.
As the Global Data Protection Regulation (GDPR) rules come into place in 2018, retailers have to make sure that customer data is being protected. They have to notify the regulator quickly if they’ve been breached, and you have to be able to delete customer data from all of your systems if they request it, and this is obviously challenging given the fact that data is scattered across several retail organisations, planning for GDPR needs to start now.
However, retailers’ main threat is still the theft of customer data, and obviously retailers hold significant volumes of this. What retailers need to think about is remaining competitive; therefore they have to invest in digital channels, applications and other payment technologies, and obviously investing in these kinds of technology increases the risk that they face from a cyber security perspective.
Factors That Create Opportunities For Cyber Security Attacks
Online retail industry is experiencing immense growth because today, customers are opting for faster technological solutions to purchase what they need. Along with this, technological advancement has also lead to the rising chances of cyber-attacks leading to the loss of confidential information of customers. This situation has further worsened by the growth of the cloud, mobile, social and Internet of things (IoT) technology along with the increase of ransomware attacks recently. But what creates these opportunities for the attacks?
There are various factors that open up for the attacks and those stands out are:
- Accessing malware-laden websites or downloading infected files
- The use of weak passwords
- Improper and insecure system configurations
- Un-patched technology
- Poor network security
How Can Retailers Tackle These Security Challenges?
Past research and practical world examples prove that security must begin from top management. It is always a top-down approach. The top management should ensure that an in-depth security strategy is in place, and it starts with establishing a culture of security. All users must be educated in effective password creation, safe network use and be monitored while on corporate networks. Organisations should have a broader security plan in place, one that contains elements to effectively contain a breach, assess the damage, remove the vulnerability and then inform the public; a speedy response can help mitigate total damages, minimize the loss of consumer confidence, and protect company reputation from being tarnished
Additionally organisations must view network as a series of access points rather than a single, defensible perimeter. Therefore it is vital for retail organizations to secure network points that include e-commerce websites, employee access points, third-party vendor links, cloud and IoT devices such as CCTVs and printers. Organisations should understand that each network connection can be a potential breach point, even if it is only peripherally connected to “crown jewel” components. As such, each connection requires proper security protocols that reflect its function as a part of the larger network to prevent security breaches.
Lastly, retailers should consider the use of analytical security tools to scan incoming data and resource requests to identify anomalous behaviour, and then report this behaviour to the IT department for further analysis. Effectively identifying strange behaviours start with monitoring everything from infrastructure logs to network data packets and DNS transactions, but to be truly proactive, it must go several steps further, reporting any strange network behaviours in real time and intelligently adapting to network use patterns. Ideally, the analytics solution only needs minimal monitoring and should return few false alerts.
As mentioned above, retailers are on the most-wanted list for hackers, who use opportunistic attacks to achieve what they want and then quickly get out. The key here is to identify and address retail security challenges by recognizing their destructive potential. Retailers need to understand and accept the fact that no system is 100% secure. Next, companies must figure out how these opportunities are being created; then, companies must develop a holistic, end-to-end security model. Companies need to remember that protecting the baseline is no easy task but by tackling the severity of attacks, evaluating the scope of threats and then designing a holistic solution, companies should be able to mitigate and reduce security risks.
Auther : Mr. Michael Lim