2016 was host to some of the most high-profile and largest data breaches known to date. LinkedIn, Yahoo, and PayAsUGym were just a few of the big brands that found themselves in the spotlight responding to large-scale issues.
Both the reporting of large-scale attacks and the upcoming GDPR regulations place even greater focus on the need for organisations to review and improve how they capture, store and process personal and payment information. This is of particular importance for the retail industry.
In January 2017, a survey conducted by the British Retail Consortium revealed that 53% of retail fraud is now cyber-enabled. The study found that more sophisticated forms of crime are being committed against retailers, including phishing and theft of consumer data. This is no surprise, as fraud follows the transaction and we increasingly transact online.
With the overall cost of crime to the retail industry reaching a staggering £660m in 2015-16, the industry will need to take increasing action against the contribution of cyber-attacks to this total.
Data is both currency and product to cyber-attackers, and if security flaws provide an opportunity, they will run with it. The huge amounts of customer data retailers possess make them a top target for hackers. It’s not just the amount of data gathered, but also the type of data that is important.
Financial information has its obvious uses to a hacker, but information on where consumers live and how and where they shop can be valuable too.
While the information is key to retailers creating a more personalised multi-channel shopping experience, it’s also a reason why the industry is at risk, as highly motivated and well-funded groups target the same data to support malicious campaigns.
The stakes for organisations are high
Fujitsu’s report on consumer data revealed that more than half of consumers would stop using companies that lose or misuse their data. The same research also revealed that 29% of consumers see no benefit from retailers using their personal information.
These figures highlight the lack of trust that many consumers have in the organisations they have provided their data to, making it even more important for organisations to respond if they are to retain their customer base.
However, the truth is that many retailers are missing a vital point: spending significant amounts of time and money on protecting themselves to try and avoid being attacked is no longer enough.
As attackers become more sophisticated, retailers need to prepare themselves for when they will be attacked, as though it is inevitable. Without the right security infrastructure and procedures in place, organisations are leaving themselves at risk of attacks with massive fallout.
Budgets should now have a balance of prudent defence, effective monitoring and incident response by default.
To mitigate risk further, more work must be done to educate consumers to identify and report fraudulent emails as soon as possible. This is something the banking industry is beginning to master, meaning it can focus on identifying unusual behaviour and acting with haste when an attack surfaces.
Well-informed consumers tend to safeguard themselves, and their suppliers, against fraud, and those organisations helping consumers will reap rewards.