From the Cash Register to the Cloud: The Changing Face of Security in the Retail Sector
Data security is playing an increasingly important role when it comes to the retail industry and its day-to-day operations. It's especially important for retailers as it embodies customer and payment transactions, data entry, and houses inventory and personal information throughout your entire infrastructure. While security is currently not a top priority for retailers, many of which are struggling to keep themselves afloat, it should definitely be on the forefront as they begin to open in phase two.
So, how can retail organizations help combat increasingly complex cyberattacks, especially when many companies are focused on COVID-19? Recent findings from the Verizon Data Breach Investigation Report (DBIR) highlighted that over 70 percent of breaches in 2019 were caused by outsiders. The report also found that new technologies and web applications are beginning to be detrimental to retailers when it comes to protecting the livelihood of their businesses.
Over the last six years, attacks have made a shift away from point-of-sale devices and towards web applications, which are known to be the leading cause of breaches. As more retailers shift to cloud-based services, it’s important to be mindful of web applications as a majority of data breaches seem to be stemming from two main action varieties: the use of stolen credentials and the exploitation of vulnerable web app infrastructure. This year, the DBIR found that over 40 percent of top hacking varieties were caused through the use of stolen credentials.
As more retailers begin shifting to e-commerce and other online shopping variations, experts are seeing an increase when it comes to payment data breaches. While the retail industry isn't subject to some of the political espionage and other motivations surrounding breaches, insights show that over 99 percent of incidents last year were financially motivated. Even though payment data is the most commonly lost data type, personal and credentials also continue to be highly sought after. While this number can be shocking for many retailers, there are measures that businesses can take to ensure that they're protecting the core of their business.
What Can Retailers Do?
To help ensure that your company’s data is stored and protected, retailers should take the following steps and communicate with their employees to help mitigate risk:
- Implement a Security Awareness and Training Program: Educating your staff and the people within your organization is the best way when it comes to protecting the core of the business and its data. Make sure your organization has a plan of attack and proper policies in place in case a data breach occurs.
- Email and Web Browser Protection: Taking the proper measures to help lock down browsers and filter through privacy settings can help significantly limit your risk of a data breach.
- Limitation and Control of Network Ports, Protocols and Services: Understand what services and devices are on your system. Limiting control on external ports and devices can help further secure your business
Although security isn’t unimportant, it’s taken a back seat as business owners shift priorities to keeping their doors open and optimizing e-commerce performance. By keeping security top of mind, retailers will begin to see an increase in productivity while ensuring that their business is financially protected.
Michele Dupré is a group vice president at Verizon Business Group, and is responsible for enterprise customers in the retail, hospitality and distribution verticals as well as customers headquartered in Canada.