Cybersecurity in Retail

Technology has long since transformed the retail industry, for shoppers and retailers alike. In today’s constantly connected world, the digital transformation of the retail supply chain is well underway.

Every area of retail is touched by technology, and we’re continuously moving towards the store of the future, with drone-based deliveries, RFID chips, electronic shelf-edge technology and blockchain-based loyalty programs.

This growing attack surface makes retailers vulnerable to cyber attacks, and the rich seam of credit card information and personal customer information they hold makes retail an irresistible attack target. The main threat remains data theft.

Retailers hold significant volumes of customer data and that’s a valuable currency for organized crime groups or malicious insiders. The impact of data theft is hard to measure, but reputational damage, falling stock prices and customers taking their business elsewhere can seriously affect the bottom line.

This huge amount of customer data means that retail is one of the sectors most affected by the General Data Protection Regulation (GDPR). Storing data securely has never been more important and we’re yet to see how punitive the first fines will be for those organizations that fail to comply.

No business can protect itself 100 percent against risk, but the threat of cyber attacks and online criminality is here to stay and retail will continue to be a key attack target. Customer data must be protected and retailers need to step up their cyber readiness to ensure that confidential information stays that way.

Cybersecurity challenges in retail

• Cloud, IoT, online and mobile payments and big data are widely adopted, but this growing attack surface means sensitive data is more vulnerable to attack and data breach

• In-store technologies such as CCTV, POS systems, RFID tags, kiosks and in-store tablets add to the attack surface

• GDPR – understanding where all your data is held, ensuring that it is secure, and clarity around how it can be accessed and shared are top of today’s retail challenges

• PCI DSS – while helping to reduce payment fraud, this will only remain effective if retailers continuously maintain the security controls they have put in place

• A constantly changing threat landscape with new threats emerging and existing threats becoming more sophisticated

• High staff turnover creates a heightened insider threat risk from employees mistakenly or maliciously causing data breaches

• Lack of consolidation means multiple security vendors are securing different areas of the business

• Growing number of personal devices on the network, which increases vulnerabilities that arrive via customer communications, interactions with third parties and use of contractors as part of the workforce

• Shortage of skilled security professionals in-house results in shortcuts and an inability to monitor and secure every part of the infrastructure

The NTT Security 2018 Risk:Value research reveals that:

• Just 46 percent of retailers believe that all their critical data is secure

• 52 percent of retailers do not have an information security policy in place

• Of those retailers with a policy, only 37 percent believe that all employees are aware of the policy

• Loss of customer confidence would be the biggest issue for retailers following a breach

• 63 percent of retailers think that contractors and temporary staff are their weakest security link, and 36 percent say that malicious insider threats will be the biggest risk to security in the next 12 months

• Only 39 percent of global retailers have an incident response plan in place (the lowest percentage across all industry sectors)

Continuous compliance and consulting

The consequences of data loss, in cost, compliance and regulatory violations, damaged client confidence and firm reputation, can’t be ignored. Creating, implementing and managing a data loss prevention strategy is a significant challenge. Knowing about your compliance commitments and gaps is one thing; effectively filling them is another. With the Notifiable Data Breaches (NDB) scheme and General Data Protection Regulation (GDPR) in place, retail organisations must also be sure they handle notification of any data breaches correctly or they risk large fines and damage to their reputation.

When you engage with NTT Group companies, you can be assured that NTT Security consulting experts will help shape each governance, risk and compliance policy and process from a strategic and technical standpoint. This ensures that you are able to create a security infrastructure with the right security policies, processes, architecture, and expertise in place. External advice can be invaluable to evolve a comprehensive security strategy and, using our proven Global Enterprise Methodology consultancy delivery approach, we will enable you to understand your risk exposure and make informed risk management decisions.

Our unique capabilities

We provide a broad range of managed security, risk and compliance services that we can deliver to your organisation. Our experts have global reach and local resources and understand the specific challenges that you face in retail, both at a global and regional level. Working with a network of trusted partners and NTT Group companies, we enable your cyber resilience using a combination of consulting, managed, cloud, and hybrid security services.

Learn more about our Managed Security Services.

Added 4 December 2018
