Retail is more vulnerable to cyberattacks due to the nature of its online traffic and the design of its ecommerce websites.Oliver Wyman
The National Retail Federation’s 2020 Retail Security Survey came to similar conclusions offering defensive ideas for protection. Stores and chains have revved up their focus on ecommerce crime and cyber-related incidents, such as data breaches, to considerably higher priorities than they were five years ago, according to NRF. Retailers have also bumped up the importance of long-standing problems, such as internal theft (“pilferage”) and return fraud — both of which have become significant problems in the cyberworld as well. In the evaluation process, NRF has developed a roster of defense tactics.
The NRF study found that retailers are “devoting more resources to fight” cybercrime, including top priorities for remote monitoring technology, upgraded point of sale (POS) systems and refund history tracking programs. Stores are also revising and updating risk management planning, risk/vulnerability assessments and other security improvements.
Business analysts contend that COVID-19 has further encouraged retailers to reexamine their supply chain processes by, for example, evaluating their sourcing procedures, to make sure they are not solely reliant on single-source factories in Asia. CTA’s recent report on supply chain, The Balancing Act: How SMEs Are Adjusting Their Supply Chains To A New Normal, advises SMEs develop a single source of truth by collaborating more with suppliers, manufacturers, and employees, tweaking ERP systems, and increasing data-sharing. Such decisions may require new thinking about data transparency. Experts suggest that access to data will encourage more resiliency in supply chains and that technology is the only way to assure such visibility. But others fret that more open sharing of data threatens security lapses.
Studies at BlueVoyant, another security management firm, examined the dangers of third-party relationships. BlueVoyant’s report, Supply Chain Cyber Risk, quotes Goldman Sachs Board Director Phil Venables, who says, “It is very important to review the security of your vendors before you engage them, to make sure they are capable of meeting your needs or otherwise enhancing their controls before they are onboarded.”
Venables, who is also senior advisor of risk and cybersecurity, adds, “It is equally important to establish an approach of continuous monitoring to help assure that such control continues to be in place over the life of the engagement.” Based on that outlook, BlueVoyant recommends that companies build extended cybersecurity relationships with partners in their supply chains.
“Drive supplier risk-reduction activity by building constructive support for suppliers into your third-party cyber risk management program,” the BlueVoyant report concludes. “Alert the vendor when new risks emerge and provide practical steps for them to follow to solve the problem.”
I3, the flagship magazine from the Consumer Technology Association (CTA)®, focuses on innovation in technology, policy and business as well as the entrepreneurs, industry leaders and startups that grow the consumer technology industry. Subscriptions to i3 are available free to qualified participants in the consumer electronics industry.