In many countries, the run-up to Christmas has a marked impact on retail spending, but retailers must not neglect their approach to cyber risk during this busy period.

The Financial Times reports that so-called “Black Friday” sales following the Thanksgiving holiday at the end of November saw record online purchases in the US, with other countries seeing similarly buoyant online retail revenue.

While increased revenue in an often low-margin sector is great short-term news for retailers, their growing attractiveness as a 24/7 target for cybercriminals (who may be enticed by the volume of customer data and by retailers’ requirement for continuous availability) is fast becoming a major concern. Given the prevalence of attacks over the Thanksgiving and Christmas holidays, we have chosen to focus our GTIC Monthly Threat Report for November specifically on retail, and to offer practical advice.

Unfortunately, despite being in a vulnerable position, many retailers are not doing enough to secure their information assets. New analysis from NTT Security shows that the retail sector is adopting only marginally more good practice than bad practice in cybersecurity.

Customers are noticing this inaction. According to research conducted for the cybersecurity event Infosecurity Europe 2019, retailers aren’t doing enough to reassure shoppers: just one quarter of shoppers currently feel reassured that retailers are doing enough to protect against cyber attacks. What should really worry retailers is that 55% of their customers would go elsewhere if a breach occurred.

So what should retailers do? A layered and balanced approach is required, wrapped in a comprehensive incident response plan that enables fast recovery and minimizes impact through strong communication and clear guidance to affected parties. All too often, well-known brands have suffered a breach and taken steps to address it, but have fallen short on communicating what happened and when.

A well-formulated incident response plan not only addresses the immediate issue; it also informs all relevant parties of what has happened and what they need to do next.

This is vital for both business continuity and minimizing the impact to customers, perhaps also reducing brand damage and maintaining a level of goodwill or trust, as highlighted in the NTT Security Risk:Value Report 2018.

But what should a layered approach to risk management involve? First and foremost, it is critical that businesses are fully aware of i) their risk profile, and ii) how they store and process data.

A risk assessment service can help achieve this: it discovers and evaluates an organization’s risk profile against agreed metrics and proposes a prioritized list of activities to address the vulnerabilities identified. The assessment typically combines people, technology and processes that reduce the risk of successful attacks; additional technology and techniques, such as sandboxing, that identify advanced threats before they reach critical systems; and a defined plan of action for the risks identified.

Retailers should focus on the integrity of their data, on identity and access management, and on embedding best cybersecurity practice throughout their organization, appointing security and privacy champions at every level and ensuring all staff are aware of their responsibilities.

Because threats occur around the clock, it is crucial that a balanced and well-communicated approach to cybersecurity is established and maintained at all times.

Here are five tips to help mitigate cyber risks:

· Understand your risk profile: conduct an annual risk insight exercise to understand current risk exposure and to keep the board engaged on the subject of cyber risk.

· Secure configuration: keep software patched.

· Educate employees: develop a culture in which employees not only know company policies and incident response processes but also feel they should behave in the right way.

· Incident response: establish, test and communicate incident management plans.

· Monitoring: continuously monitor in order to spot potential attacks and anomalies and to minimize risk.