Cisco reveals the best defences for retailers against cybercriminals who have designs on their data.

Cyber attacks are on the rise, with a majority (72%) of executives surveyed by Retail Week witnessing an increase in the last two to three years. 

iStock 491604402

The Internet of Things is creating ever-increasing new endpoints for hackers to attack

Although the problem is recognised at board level (eight out of 10 retail executives think information security has enough visibility), understanding is often limited.

Nearly half (46%) of retail executives believe their leadership “does not understand at all” and less than a third (30%) think they “sufficiently understand”.

“Nearly half of retail executives believe their leadership does not understand about information security”

Jacques Schooler, retail cyber security, Cisco

So what are the best defences the retail industry can employ against the real and present danger of cybercriminals with designs on their data?

Here are our top five:

Cisco infographic 4

  1. Security focus: IT must become focused on security and dedicate resource where appropriate, establishing and investing in a security operations function, mapping people and processes, and ensuring compliance is maintained. This should involve regular live-threat simulations to assess effectiveness in stopping or limiting the impact of attacks.
  2. Education: A robust education policy is needed across all staff to keep on top of the growing risks. To be effective, this must be more than a policy that employees sign as part of the on-boarding process and include engagement to keep information security front of mind.
  3. Dedicated budget: Retail executives report that information security budget is not always ring-fenced and a quarter of businesses surveyed had no allocation. Retailers must allocate sufficient budget to prevent and minimise issues as the cost of remediating them is potentially much greater.
  4. Industry standard: A reticence among retailers to share information about cyber attacks means no written industry standard currently exists. Alongside work in this area by bodies such as the British Retail Consortium, information security researchers, including Cisco’s Talos division, continuously study and report exploits and vulnerabilities, and share that information in cross-vendor forums.
  5. Innovation: The Internet of Things is creating more ways for consumers to interact with retailers, and ever-increasing new endpoints and potential weaknesses for hackers to attack. An all-round security strategy that takes advantage of industry best practice and technical developments is essential to defend yourself against such attacks. 

 

jacques schooler

Jacques Schooler, retail cyber security lead, Cisco