Retail businesses are frequently targeted for customer and credit card data; in fact, they’re cited as one of the two industries that have the highest estimated probability of a security breach. The impacts of a breach are significant and immediate: loss of sales, compliance fines, and damage to the corporate brand. However, there are equally significant losses that may occur behind the scenes, including a long-term loss of confidence by shareholders, analysts, and customers as well as decreased employee morale. Over time, a cyber attack increases customer churn, decreasing the lifetime value of the business's customers. Retail providers face a high probability of cyber attack and a resultant breach; this risk is compounded by the challenges that they face in defending against these attacks.
Retail businesses typically operate on slim margins; there is little to spend on activities that do not appear to directly impact revenue and profitability. Information security is frequently neglected by retailers: there are no policies in place, and security practices are ad hoc. In fact, 70% of retail operations lack the critical skills needed to secure their business against cyber attacks.
Retailers operate their businesses under a variety of ownership models: corporate offices, franchises, affiliates. Further complexities may occur after mergers and acquisitions. The result is a heterogeneous business structure that can be difficult to secure. This complexity is compounded by recent changes to the network: retailers now operate in the cloud, on traditional networks, and across mobile devices. Data must be available to support financial transactions; at the same time, it must be secured against attack. The final complexity is that of multiple compliance requirements, such as PCI DSS. The regulatory burden must be addressed to ensure a seamless implementation of security and privacy controls.
Retail businesses exist as part of a chain of third parties that provide services and products to customers. Unfortunately, retailers are at risk from poor security by others in their supply chain. Multiple cyber breaches have been traced to insecure vendors (for example, the Target breach). Retailers need a fast and effective way to assess the security of their supply chain, and remediate any weaknesses.
We recognize that retail clients are under constant and focused attack; this is why we have developed an approach for our retail clients that goes beyond compliance requirements. It integrates risk assessments and security validation testing (vulnerability assessments, penetration testing, specialized testing of PoS devices) with an incident response program that protects retailers from the financial and reputational damage of a cyber breach. At the end of the day, cyber security is a business process that must be managed as part of regular business operations.
Contact us for more information and to see how we can provide you with a solution to meet your needs.