Retail Sector

Security challenges facing the retail sector

  • IoT Vulnerabilities

  • Supply Chain Attacks

  • Poor Network Configuration

  • Employees Continue to be a Huge Risk

  • Attacks Lead Not Only to Great Financial Loss but Also to Damage to the Company’s Brand Reputation

  • The Risks of Non-Compliance with GDPR

 

IoT Vulnerabilities

The internet of things is poised to be one of the next great innovation frontiers for retailers. Many companies are already starting to use IoT devices for merchandise tracking, predictive equipment maintenance, and foot traffic analysis.

However, all of these new connected devices represent possible points of entry for cyber-criminals. As the cyber-security industry and government regulators struggle to keep up with the explosion of IoT devices, retailers need to weigh the costs and benefits associated with being on the leading edge of connected device usage.

At the very least, every retail IoT device should be kept up to date with all software patches.

 

Supply Chain Attacks

From the factory to the customer’s front door, technological improvements to the retail supply chain have made shopping faster and more convenient. However, the increasing connectivity between a retailer and its many third-party connections also increases the risk of a data breach.

There is a long history of hackers breaking into third-party companies in order to access the first party’s treasure trove of data. Two of the largest retail data breaches in US history (Target and Home Depot) were both the result of third-party attacks.

In addition to the threat of data breach, retailers must also be concerned with major business interruptions caused by outages at their suppliers. As we have seen before, a hack of one shipping or transportation company can cause major logistics headaches, especially during peak season.

 

Poor Network Configuration

No network can ever be 100 percent secure from a cyberattack. However, a pragmatic retailer will install measures that severely limit the chances and impact of a breach. Hackers generally look to infiltrate a soft target first, for example, a contractor’s system or in-store Wi-Fi, before moving on to areas with sensitive business data.

A common tactic is to target a contractor with a phishing email to steal their log-on credentials and then use those credentials to infiltrate a network, for example to breach the POS system.

 

Employees Continue to be a Huge Risk

Cyber-criminals often target the weakest point of a network, and in many instances, this may be the employees. No matter how strong a retailer’s security is, or how robust their network configuration, they are at risk if they do not adequately train their staff.

Business email compromise attacks involve sending scam messages to company employees in an attempt to extract sensitive information. A lost or stolen mobile device, such as a laptop or smartphone, can also present a hacker with a treasure trove of opportunities. Hackers can also target specific individuals they know will have access to sensitive data.

 

Attacks Lead Not Only to Great Financial Loss but Also to Damage to the Company’s Brand Reputation

According to the Global State of Information Security Survey released by PwC in 2017, the retail and consumer sector suffers an average of 4,000 information security threats every year. One of the worst retailer attacks in the US led to massive losses, damaged the company’s brand reputation and led to the resignations of the company’s senior employees.

 

The Risks of Non-Compliance with GDPR

The collection, storage and use of customers’ data have become much more challenging due to the EU’s General Data Protection Regulation (GDPR), which aims to give individuals back ownership and control of their personal information.

Retailers that breach the GDPR face graded penalties depending on the severity of the case. The maximum fine is 4% of annual global turnover, or €20 million, whichever is higher.

Sources:

BitSight Technologies | ITProPortal | CloudSecureTech