2016 was a banner year for retail cyber threats: Stores experienced over 1,000 data breaches, an increase of more than 40 percent from the previous year-end data. Evidence indicates that 2017 is turning out to be an even more dangerous year for retailers. Retailers need IT teams that are prepared to address cyberattacks now more than ever. Get the facts behind the increase in cyber threats for retailers and what's needed from IT service providers.
Data Shows Retail IT Departments are Overwhelmed, Understaffed
A new study from Hewlett Packard and Zynstra, a UK-based IT company, revealed startling data about the frequency of retail cyberattacks. Forty-five percent of retailers were forced to address one cyber threat per week. In the sporting and outdoor sector, sixty-five percent of retailers faced at least one cyber threat per week. Among grocers, 29 percent of respondents reported one attack every day.
The data shows the growing seriousness of retail industry cyberattacks. Ask yourself now whether your retail IT team is prepared to address cyber threats, then fill gaps in your retail cybersecurity strategy now or risk becoming a victim.
If your IT team is playing defense on a daily or weekly basis, there isn't a lot of time to devote to other tasks. Add in the routine tasks, such as backing up data or applying patches, and many retail IT service providers are doing the minimum in maintenance work.
Over the long term, this could mean that passion projects — for instance, leveraging Internet of Things connected devices to improve the shopping experience — are sitting on the back burner because fighting cyber threats is so time-consuming.
If you can’t innovate to remain competitive with other retailers, then you could lose customers. When you're constantly defending against cyberattacks, there isn't time to innovate. It's a catch-22 made worse by the fact that many retailers are overwhelmed and understaffed. Eighteen percent of retailers who took the Hewlett Packard-Zynstra study said that lacked sufficient IT resources or skills to protect themselves.
How Retail IT Can Prevent Cyberattacks
The first step to preventing attacks is to understand the complexity of the threat landscape, something that can be difficult for retail IT teams to do when monitoring and deterrence are so time-consuming.
If there's one constant to the threat landscape, it's change. Last year saw the first major attack via the Internet of Things (IoT). This is a growing area of concern, as IoT devices, such as smart shelves, beacons, and product sensors, are becoming more widely used in the retail sector.
Retail IT service providers must lean back on IoT device manufacturers, requesting cyber security enhancements, such as the ability to change device passwords. Retailers that haven't adopted these smart products yet may wish to hold off on the next generation of IoT devices, which may feature better safeguards.
Retailers can also guard against the sort of DDoS attack that often cripples companies by purchasing more bandwidth than needed. Doing so makes it difficult for a DDoS attack to flood servers with traffic; the extra time it takes to overwhelm the server may give retail IT teams greater odds of detecting the unusual activity and fighting back.
With the increase in ransomware across sectors, retail IT teams must prioritize backups. Less than half of respondents to the Hewlett Packard-Zynstra study reported backing up critical retail data daily. Three-quarters of respondents did back up data on a weekly basis; however, this is not frequently enough to safeguard data from a ransomware attack. Retailers that do not have frequent backups literally pay the price of a ransomware attack, either by giving in to the cyber criminals or through lost data and productivity that cannot be recovered.
If your retail IT team doesn't have plans in place for how to respond to an attack or policies regarding the safekeeping of data, develop plans now. This allows everyone to quickly take action if a threat arises.
Through automation and smart partnerships, retail IT service providers can streamline the most crucial tasks and free up time. Doing so allows retail IT teams to use time wisely to implement new measures, stay abreast of cybersecurity trends, and better protect retailers from attacks.