Data breaches in the retail sector are well-known and widely covered by the media—we all remember hearing about Target, Home Depot, and TJ Maxx. But with recent breaches at Panera Bread and Hudson’s Bay Company (owners of Saks Fifth Avenue and Lord & Taylor), we see that retail will continue to be a popular and prevalent target for cyber thieves. To avoid becoming the next victim, you must remain diligent and take action now.
Cyber crime is a thriving business. Attacks get more sophisticated and ultimately more effective every year, and the resulting losses are staggering. In fact, damages from cyber crime activity are expected to be $6 trillion annually by 2021.
The problem is so severe that some have gone so far as to label it a scourge. Not long ago, IBM CEO Ginni Rometty referred to cyber crime as “the greatest threat to every profession, every industry, every company in the world.” And Warren Buffett, Berkshire Hathaway CEO and one of the wealthiest people in the world, has said cyber attacks are “the number one problem with mankind.”
Whether you agree or disagree with those statements, cyber crime is a big problem. And while every company must deal with it, one sector in particular continues to be a favorite of cyber criminals: retail.
A Bounty of User Information
Why is retail such a popular target? Retail, maybe more than any other sector, depends heavily on customer experience. If customers are unhappy—and today, a poor digital experience leads to unhappy customers—they will take their business somewhere else in a heartbeat.
Retailers are keenly aware of this. They are always pushing to improve customer experience through personalized service, VIP offerings, loyalty programs, innovative e-commerce applications, and other methods.
But there is a trade-off. In exchange for more personalized, digital experiences, consumers give retailers personal information about themselves. That results in a bounty of information being stored by retailers about millions of consumers: names, addresses, phone numbers, email addresses, credit and debit card numbers and more. Hackers see this as a lucrative opportunity—because they know if they can steal this data, they can sell it on the cyber black market for a handsome profit.
But that’s only some of the damage hackers can do. Although it’s a poor security practice, the majority of Americans use the same password for multiple accounts. Hackers count on this. And if they can steal user login credentials, they will try to gain access to bank accounts, financial records, and other sensitive data using the same credentials. And many times, they are successful.
Lower Your Risk of Becoming a Victim
The fact is this: Given the wealth of consumer information kept by retailers, the sector will always be a popular target. Attacks will come—they’re inevitable. While you may not be able to predict when an attack will happen, you can be prepared for when it does. Taking the following steps can help you lower the risk of your organization becoming a victim:
- Prioritize Security Above Speed – Today, security is everyone’s responsibility. In the fast-paced world of retail, the effort to push out new apps and features quickly can often lead to security mistakes. Take a close look at how business units are approaching security. And make sure security is properly addressed and tested before any new features or capabilities are launched.
- Use a Security Framework – When it comes to protecting sensitive data, it’s never too late to improve your structure and discipline. Align your security program with a strong framework such as NIST to ensure you have the policies and procedures in place to manage security controls in your environment.
- Evaluate Your Application Code – Because retail is focused on consumers, many breaches are the result of poorly coded external-facing applications. The recent breach at Panera Bread is one example. In that incident, millions of customer records were exposed via the company’s website due to coding problems. And the company was unaware of the problem for months until a consumer noticed it and brought it to their attention. Make sure to check your applications to ensure they are functioning in a secure way.
- Check Your Infrastructure and Hosting Providers – The infrastructure your applications run on is just as important as the application code itself. Make sure you evaluate your infrastructure and assess your hosting providers—including cloud storage vendors—regularly. Use penetration testing and vulnerability assessments to identify weaknesses, so you can take action to eliminate vulnerabilities before a hacker can exploit them.
- Implement Web Application Firewalls & Proper Patching Techniques – Without mobile apps and online shopping, retailers can’t survive. Both are essential to delivering the customer experience today’s consumers expect, which is one reason the web is such an effective attack vector for cyber criminals. Make sure you use web application firewalls, and perform regular configuration audits to ensure your environment is protected against the latest threats.