The Retail Industry: Why it is Susceptible to Cyber Attacks

Media Division | June 21, 2017

The retail industry has been subject to some of the largest cyber attacks in digital history.  But you don’t have to be a mega-sized retailer like Target or TJMaxx to be the object of a major security breach.  In fact, smaller companies suffer bigger consequences, even, when it comes to a cyber security breach.

The retail and consumer goods industry, in general, has certain qualities and vulnerabilities that make it more susceptible to cyber security threats.

Here’s why, and what you can do about it.

Retail Vulnerabilities

From the largest retailers to mom-and-pop storefronts and every scale in between, retailers operate off of a supply chain that impacts security from manufacture to consumption (and even support).  Any chain is only as strong as its weakest link.

Each of those layers presents their own possibility of something going wrong, as anyone who has dealt with supply backlogs or downed computer systems can attest.

Digitally, each of those layers represents an area of potential cyber attack, including:

  • Ordering systems
  • HR management systems
  • Scheduling and operations management systems
  • Point of sale systems
  • Digitally sourced communication systems and utility solutions
  • Data storage and reconciliation systems
  • Any device connected to the internet or an intranet

When you really take a look at each at all of the technology-based solutions to support the retail industry, you can see both how large the potential vulnerabilities field really is, as well as how reliant the retail business is on digital solutions.

When it comes to public perception, a breach in any layer of digital commerce could translate into a breach of customer trust (more damaging than a ransomware payout).

Susceptible Points of Entry

Despite all of the potential dangers associated with a digital world, the benefits still outweigh the risks.  Few businesses in the retail industry can still operate with only analog solutions.

Which is where your greatest “analog” vulnerability comes to play: real people.

Personnel poses an unintentional threat.  Most malware, ransomware, phishing scams, security breaches, etc are triggered by an internal action, but not purposefully (in most cases).

For most retailers, the cost of training employees on cyber security appears cost-prohibitive.  Employee turnover rates, requirements for paid training, and other factors prevent employee cyber security training from taking top priority.

Preventing Cyber Attacks

The first line of defense in case of a cyber threat is still prepared employees.  Beginning with the management team, but then expanding to be part of basic employee orientation, every employee can be trained to:

  • Choose passwords correctly and keep them secure.
  • Use the internet safely, if required to do so for work.
  • Report suspicious activity appropriately, such as slowed computers or increases in pop-ups (both possible signs of malware).
  • Ensure systems are up-to-date if they have access to computers.
  • Report any difficulty appropriately. Just as retailers have reporting procedures for suspected theft, customer dissatisfaction, or any other common scenario that might warrant requesting employee assistance, cyber threats should also be easily and rapidly reported.

Despite living in the age of social media and smartphones, many employees do not know the basics of cyber security.  Fortunately, understanding enough to dramatically increase security takes only a small amount of time and effort.

Threat Mitigation

For industry-specific insight, contact us.  We provide active and actionable threat assessment as well as needed reputation management, to both reduce cyber security risks and respond effectively in the event of a cyber incident.

The retail and consumer goods industries maybe are susceptible to cyber attacks of every variety, but you have effective resources at your fingertips.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.