
Eight ways retailers can avoid digital theft

The problem is mirrored overseas, where several top retailers and hundreds of banks have been victims of digital theft. Millions of consumers were violated and losses amounting to more than $2 billion were counted in the US last year alone.

Retailers make a particularly attractive target for hackers and thieves. They are vulnerable because merchants handle lots of sensitive data, they are highly distributed (that is, lots of open doors) and, in the words of bank robber Willie Sutton, “That’s where the money is”. Not just actual money – limitless fortunes can be made with stolen identities now.

For individual corporate victims, the toll includes actual losses, investigation and reporting costs, insurance and banking fees, regulatory and security compliance and, of course, liability lawsuits.

Clearly, the best way to respond to a data breach is not to have one. That means doing everything possible to prevent hackers from breaking and entering. Retailers can do so by adhering to the following key practices:

Know your vulnerabilities. Every organisation has actual and potential vulnerabilities. Some are obvious, others less so. While retailers will never know them all, they can anticipate and manage them better with continuous and collaborative vulnerability assessments to help measure exposure. Remember, hackers assume that each retailer is compliant with whatever regulations apply to its business. They don’t have a checklist, they have a mission. The retailer must have one too.

Validate, validate, validate. Never assume that something has been done or fixed. Demand proof. In the case of a major clothing retailer in the US, the testers assumed the wireless network was disabled. It wasn’t, and the rest is history. Moral of the story: make sure to confirm the status of everything on every network. This includes computers and devices management doesn’t think are operational or that were never turned off or formally decommissioned. Far too often, hardware isn’t updated with the latest security measures because nobody believed the devices were part of the network. So validate all assumptions. Then do so again.

Know the partner network. Each retailer will know its own network, but its own systems aren’t the only things on that network. There are point-of-sale terminals, suppliers, administrators, HR managers and thousands of others hanging on to the network from the outside. Know who they are and what their security looks like. All the time. An attack on a large discount retailer occurred because a vendor had legitimate access to the network for billing and invoicing. That company’s vulnerability ultimately impacted the retailer. It is not enough to have a contract requiring partners to secure things on their end; the security of all partners must be tested too.

Always keep an eye on the back door. One of the most common network breaches occurs with default passwords or hardware configurations, frequently at the point-of-sale terminal. To counter this, every single POS terminal must have its defaults removed, and this must be checked frequently. If they are rebooted or reset, the defaults may have to be removed again. The same is true for every wireless router and connection. Since attacks are happening higher up the chain, a retailer must validate its entire supply chain to prevent malware insertion and insist that all its vendors do the same.

Know your vendors. This includes not just hardware and software suppliers, but also lawyers and accountants, HR and recruiters, architects and engineers, consultants and third parties, cloud providers, business and technology service providers and consultants. Any of these can introduce a vulnerability into a retailer’s network. So make sure they are trained and agree to your policies and data procedures. Then work up their supply chains, since their own vendors can introduce vulnerabilities into a network.

Prepare an IoT strategy. You think it’s bad now? Just wait. Once the internet of things (IoT) is fully realised, there will be exponentially more data exposure, vulnerable handlers and open doors – billions of them, by way of all the new connected devices. Don’t be too afraid of this technology. Develop a strategy that makes these IP-aware and addressable devices work for you, instead of against you.

Learn to say ‘yes’. When confronted with new technology and its associated liability, many companies are too quick to say ‘no’. The lawyers say ‘no’, the regulators say ‘no’, the CIO and IT directors all say ‘no’: no USB. No wi-fi. No cloud. No IoT. No RFID. No iPay. That’s the wrong answer. If a retailer prohibits useful technology, its people will just move to simpler, often less secure workarounds. So at least say ‘maybe’, although ‘yes’ is better. Then secure whatever is deemed useful instead of fearing it.

Make this a chief executive concern. Preventing data theft isn’t a security issue, nor is it a technology, legal or compliance issue. It’s a company-wide concern, fundamental to the very core of retail. Security is not something to simply bolt on; it is integral to every business decision. Thus, security is a CEO and board of directors’ issue. It enables and empowers every aspect of a company. With so much at stake, it deserves a seat at the top table, as well as a top budget and the ear of the CEO.


Alan Fanarof, ANZ Practice Head for Retail and Consumer Goods

Alan Fanarof is the ANZ Practice Head for Retail and Consumer Goods at consulting and IT major Cognizant. He has more than 30 years of practical domain experience across retail and allied industries, including hands-on experience in C-level and business roles across some of Australia’s key retailers, delivering large business transformation projects. In his current role, he provides strategic services to Australian blue-chip customers.

According to the Australian Retailers Association, retail theft forms part of the largest crime category in Australia, costing the retail sector more than $7.5 billion each year.

About Cognizant

Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world’s leading companies to build stronger businesses. With more than 75 development and delivery centres worldwide and approximately 199,700 employees as of September 30, 2014, Cognizant is ranked among the top-performing and fastest-growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant.

Business – Information Technology, September 7, 2015, p. 53