Why Trust and Governance are Your Biggest Allies in Cybersecurity

3 July 2025

The threat cybercrime poses to UK retailers has been making headlines again recently. In April, M&S’s online shopping channels were hit by a massive cyberattack. If the timing of the incident over the busy Easter weekend wasn’t bad enough, some of the high street giant’s digital services remained offline until May, with total losses estimated in excess of £300m.

The Co-Operative Group, meanwhile, was left with empty shelves across dozens of Co-Op, Nisa and Costcutter stores after an attack brought down its stock ordering system.

Both attacks were attributed to the same group of hackers. But of more concern than the identity of the perpetrators is the fact that cyberattacks on retail now outstrip those on any other sector.

Analysts suggest that this is the result of retailers gathering more and more customer data – the currency hackers are after – in the pursuit of creating the right customer-led experiences and personalisation. But amidst the data gold rush, security protocols have failed to keep pace.

As a result, according to recent research by Retail Economics and Barclays UK Corporate Banking, just a quarter of retail executives feel their business is well prepared to combat a cyberattack.

Keeping up with change

Part of the problem for retailers is the pace of technological change the sector has seen over the past few years. POS systems have become increasingly networked and cloud-based, and we’ve seen much closer integration of once separate areas of operation such as sales, inventory, customer relationship management and marketing. This has also extended to a blurring of the lines between online and offline, so e-commerce and in-store systems are not so distinct, either.

At the same time, physical retail has seen a proliferation in the number of endpoints you find in a typical store. POS terminals, kiosks, mobile POS tablets, digital screens, scan-and-go trolleys and baskets, even the growing number of sensors and cameras used to collect data on shopper behaviour to help refine that all-important experience – all of these are connected to the wider system. Not to mention to the wider internet that hackers use to launch their attacks.

All of this means that cybercriminals now have more routes into a retail ecosystem than ever before. And once inside, they can move around much more freely and gain access to much more because everything is so connected.

Your people are your security front line

It also means that retailers have more to protect. And that’s not just a case of having the right firewalls and anti-virus software in place to secure your network. Despite the Hollywood image of hackers being coding geniuses capable of breaking their way through impenetrable cyber defences, the reality of most cyberattacks is much more mundane. An astonishing 95% of data breaches stem from human error – weak or exposed passwords, a device accidentally left signed into a sensitive account, someone falling for a phishing scam. Protecting a larger and more sophisticated digital estate fundamentally means training people to be security-conscious.

This is why, as retailers try to fight back against an onslaught of cybercrime, trust and good governance are so critical. To be able to trust staff to play their part in keeping your business cyber-secure, you need to empower them with the right knowledge, skills and tools. Those tools include correct access and authentication protocols, so that user accounts a) are sufficiently protected and b) have appropriate levels of access to the parts of the system each individual needs. This in turn depends on having a clear view of the architecture of your digital estate, how all the different assets fit together, where different people need to move around within it, and where responsibility lies for keeping it all protected.