In recent years businesses worldwide have seen a sharp rise in the number of cyber attacks. With the significant advancements in technology in the retail sector retailers in particular are increasingly at risk of cyber attack.
Cyber security was one of the key topics at Eversheds’ recent Retail Conference in London. Recent and rapid developments in technology are revolutionising the retail sector, such that the application of technology is now fundamental to the success or failure of the businesses of most retailers. With these technological advancements come the increased risk of fraud and cyber attacks.
There have been a number of recent large scale cyber attacks on retailers. In the US retailer Target was targeted by over the Thanksgiving season. Hackers stole data from up to 40 million credit and debit cards of shoppers over the retailer’s busy holiday season. More recently a cyber attack using a malicious software known as “Chewbacca” targeted retailers in 11 countries and stole details of 24 million transactions before it was shut down.
According to a recent survey by the British Retailer Consortium (BRC) the majority of retailers suffered some form of cyber attack in 2012-13. Most retailers viewed hacking and denial of service attacks as the most critical threats to their businesses. Four in five retailers reported having experienced attacks in the form of computer viruses and malware.
Whilst technological advances in the retail sector are key to the continued success of businesses, retailers must ensure that they manage the risk these advancements pose to their business.
The BRC has said that close engagement between retailers and the new National Crime Agency and National Cyber Crime Unit, is key to fighting the most serious criminal activity. This is of course appropriate for dealing with sophisticated large scale attacks. However, attacks need not be sophisticated or large scale to have a significant detrimental impact on an individual retailer.
So, on a day to day basis what should retailers be doing?
Cyber attacks are notoriously difficult to prevent. In terms of preventative measures, retailers can increase staffing levels on those checking data and detecting attacks and spend on improving IT capabilities and encrypting data.
However, it is also important for retailers to plan for the fallout of an attack as inevitably most businesses will at one time or another, and on varying scales, be subject to a cyber attack.
A cyber attack can lead to a number of issues for a retailer. There are of course legal issues to consider such as data protection breaches and associated fines; fraud issues depending upon how the stolen data has or will be used. There are also IT considerations in how to strengthen your systems against a future attack. And there are ultimately PR issues for the retailer’s brand in the consumer world. Retailers should have an urgent response team in place who can cover all of these areas and ensure that reporting obligations are fully complied with.
Cyber security should be at the forefront of every retailer’s mind to ensure that their infrastructure and processes protect the data held, and that in the unfortunate event of an attack they are sufficiently prepared to manage the outcomes.