Cyber Resilience, Retail And The Role Of Technology
By Nick East, Zynstra
If 2017 is to be remembered for anything it will surely be the dramatic increase of data breaches and cyberattacks reported in the media. We all know cyber criminals are using increasingly sophisticated techniques to gain access to company networks, just as we know how the impact of such an occurrence can have devastating consequences on reputation, revenue and customer trust. It has been suggested that the average cost of a data breach is $3.62 million, according to research conducted by Ponemon Institute.
Protecting systems from complex and sophisticated data breaches is
difficult enough, but it is even harder within a distributed store IT environment,
such as those in nationwide retail chains or franchise businesses. Many of these retail organizations now need to process large
amounts of data at the edge — in the physical store where the need for
information relating to promotions, offers and stock inventory is required in
‘real time’.
The Cyber Threat Is Real
What this means is that retailers are increasingly bearing the weight of having to project not just their own data, but that of customers too. And it’s a problem that is not going away. In fact, the incidence of attacks seems to be on the rise.
Research by Zynstra has uncovered that retailers are now being hit by a cyberattack on average twice a week — with 16% saying they now experience an attack or attempted attack every day. Among retailers, the occurrence of cyberattacks was found to be especially high in the grocery sector, with almost twice as many (29%) respondents having to deal with attempted security breaches every day, and 55% doing so every week. In other retail verticals, 65% of respondents in the sports and outdoor sector said they responded once a week, as did 49% of fashion retailers and 40% of department stores.
For modern retailers that have a distributed store network throughout the country or internationally, there are many unique security challenges. Changing consumer demands and increasingly stringent regulatory pressures are both catalysts for change, and have forced distributed retail enterprises to carefully consider how they protect themselves, and their data, moving forward.
What’s The Solution?
While the issue is a serious one, there are ways to mitigate risk; one of the most effective tactics to ensure that infrastructure remains resilient is to regularly apply security patches and updates.
Research from Verizon suggests that over 70% of security breaches now come from not keeping systems up to date. In fact, the impact of last year’s most infamous cyberattack, the WannaCry ransomware attack, could have been mitigated if available patches had been installed.
However, when it comes to patching there is a complex supply chain that needs to be built and maintained upstream of any deployed systems. In order to reduce the risk of systems failing as a part of the patch process and make the task manageable, production engineering methods, automation and rollback must be at the heart of any viable current solution. Otherwise the risk of manual error or omission becomes too great.
The Zynstra research highlights that work still needs to be done when it comes to risk mitigation — only 55% of retailers currently apply security upgrades and patches across their branch network weekly, and 77% once a month. When it comes to backing up critical in-store data across their store network though, the results are more encouraging, with 75% doing so once a week, and 46% doing it daily.
From an IT security point of view retailers will continue to face challenges. Again, this is something reinforced in the research. Only 33% of respondents said that they are very confident that their store network is secure. In fact, they cited a few major concerns, including backup data not being restored quickly enough in the event of a cyber event (37%), and patches and upgrades not being applied in a timely manner (22%).
Conclusion
As a result of operating in such a challenging landscape, retailers need to consider a new approach, one that takes the load off IT teams and increases cyber resilience, through the intelligent automation of processes required to keep branches secure. The solution lies in having a centrally managed secure platform to achieve this level of automation. In addition, it is important that IT in the store is not the weak point in the front line. Rather, it should form part of the retailer’s cyber security strategy alongside securing head office and the data center.
Nick East is co-founder and CEO of Zynstra, the award-winning leader in automated branch IT solutions. Zynstra is reinventing the way distributed multi-site organizations and SMBs buy and manage their IT infrastructure, and offers new opportunities to IT service providers to build value into their business. Following extensive cooperative development, Zynstra software is an integral part of a new family of HPE servers: the Proliant Easy Connect EC200A. East was previously part of Cramer from startup through to its $425 million acquisition by Amdocs, where he was subsequently GM of their OSS division.