Retail cyber risk tolerance
How much risk can you take?
By Alan Lipson, Retail Industry Marketing Manager, SAS
The retail industry has received quite a bit of attention over the last few years regarding its inability to prevent hackers from obtaining its customers' credit card information.
But it’s not just about credit card information. There is much more data at stake for the retailer, including employee information, partner information and proprietary business information. Data breaches and disruptions caused by cyberattacks have a significant (negative) impact on retailers’ profitability, brand reputation, compliance status and ability to compete in the market. In addition, it is important to identify all areas of loss, including returns fraud and supply chain losses.
Security analytics can help. SANS recently produced a white paper, Using Analytics to Predict Future Attacks and Breaches, that outlines the case for incorporating predictive analysis to spot attacks quickly and reliably.
Data is as important an asset as inventory and real estate. Not taking a comprehensive approach to the security of your data assets is the same as leaving the doors to your stores or distribution centers unlocked.
Customer information is vitally important and that alone is incentive to keep the trust and confidence of the consumer. But to focus solely on resolving issues related to these types of hacks is to miss the boat in terms of developing an overarching risk mitigation strategy.
Here are the steps for developing a comprehensive approach to managing your data.
Identify your sensitive data
What do you have? Where is it located? What is its business purpose? How long do you need to keep it, etc.?
Assess the risk of loss for each data set
What are the consequences of the loss? How will that affect your business (short-term and long-term for customer retention, brand value, etc.)?
Using technology to deter a data breach
There are different approaches that should be taken, none of which are mutually exclusive. A multi-layered obstacle to hackers is your best chance to protect your most vital assets. At a minimum, you should consider:
- Restricting authorization to resources. Identify who needs to access sensitive data, specific files, systems and networks.
- Encrypting your sensitive data. Encryption makes it harder for unauthorized persons who access the data to actually use it.
- Practicing prevention. Solutions like intrusion prevention systems (IPS), firewalls and anti-virus software can help keep attackers out. Data loss prevention (DLP) solutions can help keep sensitive information in.
- Keeping a watchful eye. Security analytics can help you understand the normal patterns of communications occurring within your network so you can accurately identify suspicious activity. Unfortunately, no matter how hard you try or how many products you have, an attacker may successfully enter your network at some point. Analytics can uncover the subtle patterns of attacker activity and quickly alert you to the most critical threats. With faster notification, security teams have a greater opportunity to neutralize the threat before it becomes a significant incident.
Develop action plans to take if a breach occurs
Unfortunately, no matter how well you plan, a successful data breach may still occur. Whether through an external hacker or an employee’s actions, at some point your company may be the unfortunate victim.
How your company deals with the loss of data (and trust) is almost as important as the loss itself. Your customers, along with your employees and partners, need to know what happened, why it happened and what you are doing to prevent it from happening again. Only by having clear and concise communication plans can you keep them properly informed and stay in control of the dialogue rather than leaving it to others.
By properly managing your data assets just as you would any of your physical assets and putting management plans in place for any and all contingencies, you are in control of your future no matter what external factors may affect your business. But most of all, by using all of the resources available to you, especially the use of analytics, you can increase your opportunity to thwart cyberattacks in whatever form they may choose to take.
Beyond just looking for indicators of cyber attackers in your network, analytics can help prevent the unauthorized or fraudulent use of returns. By looking for trends in your returns management system you can identify fraudulent returns and prevent future losses by requiring additional information from only those that match certain criteria, while keeping your loyal and honest customers from having to go through extensive returns processes.
Using IoT technologies, you can better manage your supply chain by knowing where your products are and when they will arrive at your stores. You can also employ technologies that provide product location tracking to confirm the receipt of that inventory at the store. The same technologies will enable you to find those products within the store, helping to reduce shopping time and increase customer satisfaction.
By using all of your digital assets and applying analytics to identify trends (good and bad), you are able to help reduce your loss and bring those savings directly to your bottom line. This will help you stay ahead of the bad guys and your competition.