Retail security is a big concern for retailers. Billions of dollars are lost yearly due to employe theft and shoplifting. But having the security in place is not necessarily enough, training personnel-Management and hourly employees-is as vital to the success of the effectiveness of the security system as the security system itself. It is true that many of the big retailers across the United States spend millions of dollars a year in security systems for their stores, but they also spend millions of dollars in cybersecurity as well. The threat is real and the cost of a security breach is all too present.
For more about this topic follow the links below.
Retail crime hit a 10-year high in the 2013-14 financial year, with the £603m losses recorded by UK retailers 18% higher than those racked up in the previous 12 months.
Despite this, the British Retail Consortium’s (BRC) annual crime survey also revealed that the volume of theft offences actually fell 4%. While conventional security technology – primarily CCTV and electronic product tags – has been effective at reducing petty shoplifting, a surge in gang-related bulk theft is soaring.
The average value of goods, money or services stolen now averages £241 per incident.
Clearly, the security industry must evolve its approach to tackle this growing threat.
As Retail week Live packs up for another year, we asked several security experts how the industry is harnessing – and could harness – the latest cutting-edge technology to improve not only retail security, but commercial performance too.
RBTE 2016: Data security must be retail’s priority in 2016
Essential Retail caught up with PCI Security Standards Council international director, Jeremy King, to talk all things related to data security in retail. King is speaking at RBTE in London, this afternoon.
Essential Retail (ER): What should be key data security priorities for organisations in 2016?
Jeremy King (JK): Simply put, reducing risk and making data security business-as-usual. Organisations cannot afford to do anything less -not with 90% of large organisations and 74% of small organisations suffering data breaches, and the average cost of a breach reaching well over £3 million.
The European government is introducing new regulations to protect customer data this year, which puts added pressure on organisations to demonstrate their data security efforts. Even though these regulations will not come into effect until late 2017 or early 2018, good data security takes time and effort, so organisations need to make this a priority now.
ER: What about top threats or areas of concern for retailers?
JK: Phishing continues to be an easy way for attackers to get into merchant systems – but it’s something that can be prevented. Retailers need to be aware of these attacks and others and train their employees on how to spot them and protect against them. This is where incidence response comes in. If we take the example of phishing, on average it still takes an organisation 23.7 days to resolve a cyberattack caused by phishing or social engineering! Improving security controls and processes to identify and detect attacks quickly, using the PCI Data Security Standards, and establishing an incidence response should also be a key concern for organisations in 2016.
The DIY Approach To Retail Data Security
As retailers tend to have more pressing day-to-day concerns than security — namely, selling their products to customers — it can be tempting for them to regularly presume, in acknowledging the endlessly escalating battle between cybercriminals and protective measure technologists, that the experts in the latter group will develop something to counteract whatever the bad guys come up with in short time.
Sometimes, that assumption is accurate.
In the recent instance of the XSS security vulnerabilities that befell the online shopping cart Zen Cart, for example, the company acted quickly to solve its own problem.
When researchers from Trustwave’s SpiderLabs Research team sussed out weaknesses in the Zen Cart application that could allow malicious actors to gain access to cookies, sensitive information and site defacement of online merchants that used the shopping cart, they informed Zen Cart of the situation and immediately began working with the company to develop a fix.
Speak Your Mind
You must be logged in to post a comment.