5 Steps Retailers Should Take to Handle a Cyberattack
The severity of cyberattacks hitting U.S. companies has been on the rise in recent years, and with it the risk to businesses. A new study by IBM finds that while the number of cyberattacks against retailers declined by 50 percent in 2014, the number of records stolen remains at near-record levels, at 61 million. It's clear that attackers are becoming more sophisticated and efficient, reaping larger gains with less work and at a higher cost to the retailer. A recent survey by the Ponemon Institute showed the average cost of cybercrime for U.S. retail companies more than doubled from 2013, to an annual average of $8.6 million per company in 2014.
There are many reasons why attackers have set their sights on retailers. A growing number of attack vectors created by multichannel strategies, BYOD, QR codes and mobile wallets, along with vulnerable point-of-sale (POS) terminals, legacy systems and third parties in the supply chain, are just a few of the reasons retailers make good targets. It's impossible to prevent every single attack, but there are actions retailers can take to be more proactive when a breach happens. At the end of the day, a good offense is the best defense.
Here are five steps retailers can take to handle a cyberattack, identify and remove advanced threats quickly, and prepare for any future attacks:
1. Detect and identify. Retailers are now multichannel, with storefronts, online shopping and mobile apps. This increase in customer engagement across a variety of mediums also makes keeping data secure more challenging, because customer data must be protected in different ways and places.
Once a threat has been identified in the system and verified as not a false positive, a cross-functional team is needed to oversee the response, which includes locating "patient zero," the original point of entry or infection, and gaining access to the actual malware or threat. The team will need the skills to analyze it and determine how it got in, how it's behaving and spreading, and whether data is being exfiltrated.