Selling security

By Retail Technology | Tuesday August 1 2017

Modern retailers are more a risk than ever from hackers and security breaches due to the immense flow of customer data into organisations. Derek OCarroll, CEO of Brightpearl, discusses the risks and staying safe

Over the past few years, cyber security has become an increasingly important challenge for the retail industry. The recent media coverage of high-profile data breaches, such as the WannaCry ransomware attack, have exposed the vulnerability many companies face when it comes to cyber attacks. Retailers are especially susceptible because the growth in ecommerce and greater levels of customer data collected from card payments have created more opportunities for hackers.

Retailers, both small and large, need to be concerned about the security of their data to avoid becoming the next cyber-hack headline. This starts by understanding the potential risks facing retailers, the financial impact of security breaches, and ultimately, learning how to mitigate risk to protect oneself from cyber attacks.

Knowing your retail system: On premise vs. the cloud

The need to compete as an omnichannel retailer with streamlined back office operations has pushed retailers to adopt cloud-based retail platforms in favour of on premise, legacy management systems. This is happening across all industries, not just retail. Of the

196 IT managers and leaders surveyed by Computerworld, 79% have a cloud migration project underway or planned.

The move by retailers to cloud-based systems has helped unravel the myth that on premise systems are inherently more security than their cloud counterpart. Because many legacy systems were designed before the rise of cyber attacks, it is more difficult and

expensive to keep them secure than modern cloud-based platforms equipped with integrated multi-layered security technologies.

According to cloud security expert and senior vice president of Cloud Technology Partners, David Linthicum, “Legacy systems are more difficult to keep updated because enterprises may have to go around to several hundred thousand platforms to check and update security systems. It’s easier for legacy systems to fall behind.”

The cost of cyber attacks and staying ahead of the security game

Cisco’s 2017 annual cybersecurity report showed that almost one in three retailers reported to have incurred revenue losses as a result of a cyber attack. In addition, targeted security attacks were cited as the number one risk facing retail organisations.

This should come as no surprise given that a recent Retail Week survey found that 72% of retail executives have witnessed an exponential rise in the increase in hacking attempts in the past two to three years. Being involved in a security breach means withstanding major reputational damage that can result in future lost sales. This is because 72% of consumers are unlikely to do business again with a retailer that has experienced a security breach where personal information was taken.

Perhaps more alarming, is that nearly nine out of ten consumers would reduce their spend if they felt a retailer did not take steps to quickly correct the problem.

Retailers with weak cyber security policies not only run the risk of being attacked, but also alienating consumers they have spent years attracting and building up their brand loyalty. The potential reputational and monetary impact of a security breach clearly illustrates why retailers need to have a robust approach to cyber security.

How retailers can better protect themselves from cyber attacks

According to the Identity Theft Resource Center, 56% of all data breaches in 2016 occurred after an employee was duped into clicking a link within an email that enabled a hacker to install a piece of malware into the network. This is precisely how the Target data breach occurred.

Such hacks are easily preventable by educating and training employees on how phishing attacks work and teaching them to identify suspicious links. Even so, a new study from the UK Department for Culture, Media and Sport revealed that only 20% of UK businesses have had staff attend any form of cyber security training in the last 12 months.

Not only are non-specialist staff highly unlikely to have received such training, but only one third of UK firms have a formal policy that covers cyber security risks (33%). Staff training and implementing proper guidelines and procedure for addressing cyber security are two key steps retailers can take to safeguard their data and consumer privacy.

As well, retailers should consider moving their back-office operation from on premise legacy systems to cloud-based retail management platforms with built-in security advantages. It will not only be able to keep pace with the ever-changing retail landscape, but will also help protect retailers from cyber security threats.